CHANGES revision 810656a187f2c358323bbf679f792f19a46a7973
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2925. [bug] Named failed to accept uncachable negative responses
7d32c065c7bb56f281651ae3dd2888f32ce4f1d9Bob Halley from insecure zones. [RT# 21555]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2924. [func] 'rndc secroots' dump a combined summary of the
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff current managed keys combined with trusted keys.
15a44745412679c30a6d022733925af70a38b715David Lawrence2923. [bug] 'dig +trace' could drop core after "connection
15a44745412679c30a6d022733925af70a38b715David Lawrence timeout". [RT #21514]
15a44745412679c30a6d022733925af70a38b715David Lawrence2922. [contrib] Update zkt to version 1.0.
15a44745412679c30a6d022733925af70a38b715David Lawrence2921. [bug] The resolver could attempt to destroy a fetch context
15a44745412679c30a6d022733925af70a38b715David Lawrence too soon. [RT #19878]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2920. [func] Allow 'filter-aaaa-on-v4' to be applied selectively
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff to IPv4 clients. New acl 'filter-aaaa' (default any).
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2917. [func] Virtual time test framework. [RT #20801]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2916. [func] Add framework to use IPv6 in tests.
6028d1ce0380d0ba7f6c6ecd1ad20b31ddd1becbDavid Lawrence fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2915. [cleanup] Be smarter about which objects we attempt to compile
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff based on configure options. [RT #21444]
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence2914. [bug] Make the "autosign" system test more portable.
dc570b92f6cc60def4207733c7a194fbb69a4399Michael Sawyer2913. [func] Add pkcs#11 system tests. [RT #20784]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2912. [func] Windows clients don't like UPDATE responses that clear
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence the zone section. [RT #20986]
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence2911. [bug] dnssec-signzone didn't handle out of zone records well.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2910. [func] Sanity check Kerberos credentials. [RT #20986]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2909. [bug] named-checkconf -p could die if "update-policy local;"
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff was specified in named.conf. [RT #21416]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2908. [bug] It was possible for re-signing to stop after removing
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley a DNSKEY. [RT #21384]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2907. [bug] The export version of libdns had undefined references.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2906. [bug] Address RFC 5011 implementation issues. [RT #20903]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2905. [port] aix: set use_atomic=yes with native compiler.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2904. [bug] When using DLV, sub-zones of the zones in the DLV,
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer could be incorrectly marked as insecure instead of
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer secure leading to negative proofs failing. This was
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer a unintended outcome from change 2890. [RT# 21392]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2903. [bug] managed-keys-directory missing from namedconf.c.
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff2902. [func] Add regression test for change 2897. [RT #21040]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
b02262cbcd550c63f85df76edc6fff556ea5e95dMichael Graff2900. [bug] The placeholder negative caching element was not
b02262cbcd550c63f85df76edc6fff556ea5e95dMichael Graff properly constructed triggering a INSIST in
b02262cbcd550c63f85df76edc6fff556ea5e95dMichael Graff dns_ncache_towire(). [RT #21346]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2899. [port] win32: Support linking against OpenSSL 1.0.0.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2898. [bug] nslookup leaked memory when -domain=value was
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer specified. [RT #21301]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2897. [bug] NSEC3 chains could be left behind when transitioning
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer to insecure. [RT #21040]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2896. [bug] "rndc sign" failed to properly update the zone
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer when adding a DNSKEY for publication only. [RT #21045]
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer2895. [func] genrandom: add support for the generation of multiple
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer files. [RT #20917]
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer2893. [bug] Improve managed keys support. New named.conf option
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer managed-keys-directory. [RT #20924]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2892. [bug] Handle REVOKED keys better. [RT #20961]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2891. [maint] Update empty-zones list to match
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer draft-ietf-dnsop-default-local-zones-13. [RT# 21099]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2890. [bug] Handle the introduction of new trusted-keys and
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer DS, DLV RRsets better. [RT #21097]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2889. [bug] Elements of the grammar where not properly reported.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2888. [bug] Only the first EDNS option was displayed. [RT #21273]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2887. [bug] Report the keytag times in UTC in the .key file,
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer local time is presented as a comment within the
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer comment. [RT #21223]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2886. [bug] ctime() is not thread safe. [RT #21223]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2885. [bug] Improve -fno-strict-aliasing support probing in
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer configure. [RT #21080]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2884. [bug] Insufficient valadation in dns_name_getlabelsequence().
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2883. [bug] 'dig +short' failed to handle really large datasets.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2882. [bug] Remove memory context from list of active contexts
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer before clearing 'magic'. [RT #21274]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2881. [bug] Reduce the amount of time the rbtdb write lock
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer is held when closing a version. [RT #21198]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2880. [cleanup] Make the output of dnssec-keygen and dnssec-revoke
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer consistent. [RT #21078]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2878. [func] Incrementally write the master file after performing
f9df80f4348ef68043903efa08299480324f4823Michael Graff a AXFR. [RT #21010]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2877. [bug] The validator failed to skip obviously mismatching
f9df80f4348ef68043903efa08299480324f4823Michael Graff RRSIGs. [RT #21138]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2876. [bug] Named could return SERVFAIL for negative responses
f9df80f4348ef68043903efa08299480324f4823Michael Graff from unsigned zones. [RT #21131]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2875. [bug] dns_time64_fromtext() could accept non digits.
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff2874. [bug] Cache lack of EDNS support only after the server
f9df80f4348ef68043903efa08299480324f4823Michael Graff successfully responds to the query using plain DNS.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2873. [bug] Canceling a dynamic update via the dns/client module
f9df80f4348ef68043903efa08299480324f4823Michael Graff could trigger an assertion failure. [RT #21133]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2872. [bug] Modify dns/client.c:dns_client_createx() to only
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff require one of IPv4 or IPv6 rather than both.
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff2871. [bug] Type mismatch in mem_api.c between the definition and
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff the header file, causing build failure with
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff --enable-exportlib. [RT #21138]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2868. [cleanup] Run "make clean" at the end of configure to ensure
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff any changes made by configure are integrated.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff Use --with-make-clean=no to disable. [RT #20994]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff don't like it. [RT #20986]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2866. [bug] Windows does not like the TSIG name being compressed.
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff2865. [bug] memset to zero event.data. [RT #20986]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2864. [bug] Direct SIG/RRSIG queries were not handled correctly.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2862. [bug] nsupdate didn't default to the parent zone when
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff updating DS records. [RT #20896]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2861. [doc] dnssec-settime man pages didn't correctly document the
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff inactivation time. [RT #21039]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2860. [bug] named-checkconf's usage was out of date. [RT #21039]
8c55a67a6d185de7036e39da30561a5c1637d22bAndreas Gustafsson2859. [bug] When cancelling validation it was possible to leak
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff memory. [RT #20800]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2858. [bug] RTT estimates were not being adjusted on ICMP errors.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2857. [bug] named-checkconf did not fail on a bad trusted key.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2856. [bug] The size of a memory allocation was not always properly
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff recorded. [RT #20927]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2855. [func] nsupdate will now preserve the entered case of domain
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence names in update requests it sends. [RT #20928]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2854. [func] dig: allow the final soa record in a axfr response to
f9df80f4348ef68043903efa08299480324f4823Michael Graff be suppressed, dig +onesoa. [RT #20929]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2853. [bug] add_sigs() could run out of scratch space. [RT #21015]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2851. [doc] nslookup.1, removed <informalexample> from the docbook
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff source as it produced bad nroff. [RT #21007]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff2850. [bug] If isc_heap_insert() failed due to memory shortage
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff the heap would have corrupted entries. [RT #20951]
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff2849. [bug] Don't treat errors from the xml2 library as fatal.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2848. [doc] Moved README.dnssec, README.libdns, README.pkcs11 and
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff README.rfc5011 into the ARM. [RT #20899]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2847. [cleanup] Corrected usage message in dnssec-settime. [RT #20921]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2846. [bug] EOF on unix domain sockets was not being handled
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff correctly. [RT #20731]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2845. [bug] RFC 5011 client could crash on shutdown. [RT #20903]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2844. [doc] notify-delay default in ARM was wrong. It should have
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff been five (5) seconds.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2843. [func] Prevent dnssec-keygen and dnssec-keyfromlabel from
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff creating key files if there is a chance that the new
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff key ID will collide with an existing one after
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff either of the keys has been revoked. (To override
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff this in the case of dnssec-keyfromlabel, use the -y
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff option. dnssec-keygen will simply create a
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence different, non-colliding key, so an override is
4556681e191b7c1654639895ce719d98f2822ee2Michael Graff not necessary.) [RT #20838]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2842. [func] Added "smartsign" and improved "autosign" and
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff "dnssec" regression tests. [RT #20865]
4556681e191b7c1654639895ce719d98f2822ee2Michael Graff2841. [bug] Change 2836 was not complete. [RT #20883]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2840. [bug] Temporary fixed pkcs11-destroy usage check.
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff2839. [bug] A KSK revoked by named could not be deleted.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2838. [placeholder]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2837. [port] Prevent Linux spurious warnings about fwrite().
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff2836. [bug] Keys that were scheduled to become active could
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff be delayed. [RT #20874]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2835. [bug] Key inactivity dates were inadvertently stored in
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff the private key file with the outdated tag
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff "Unpublish" rather than "Inactive". This has been
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff fixed; however, any existing keys that had Inactive
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff dates set will now need to have them reset, using
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff 'dnssec-settime -I'. [RT #20868]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2834. [bug] HMAC-SHA* keys that were longer than the algorithm
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff digest length were used incorrectly, leading to
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff interoperability problems with other DNS
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff implementations. This has been corrected.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff (Note: If an oversize key is in use, and
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff compatibility is needed with an older release of
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff BIND, the new tool "isc-hmac-fixup" can convert
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff the key secret to a form that will work with all
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff versions.) [RT #20751]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2833. [cleanup] Fix usage messages in dnssec-keygen and dnssec-settime.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence to avoid redefinition in some OSes [RT 20831]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2831. [security] Do not attempt to validate or cache
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff out-of-bailiwick data returned with a secure
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff answer; it must be re-fetched from its original
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence source and validated in that context. [RT #20819]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2830. [bug] Changing the OPTOUT setting could take multiple
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff passes. [RT #20813]
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff2829. [bug] Fixed potential node inconsistency in rbtdb.c.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2828. [security] Cached CNAME or DNAME RR could be returned to clients
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff without DNSSEC validation. [RT #20737]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2826. [bug] NSEC3->NSEC transitions could fail due to a lock not
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff being released. [RT #20740]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2825. [bug] Changing the setting of OPTOUT in a NSEC3 chain that
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff was in the process of being created was not properly
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff recorded in the zone. [RT #20786]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2824. [bug] "rndc sign" was not being run by the correct task.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2823. [bug] rbtdb.c:getsigningtime() was missing locks. [RT #20781]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2822. [bug] rbtdb.c:loadnode() could return the wrong result.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2821. [doc] Add note that named-checkconf doesn't automatically
f9df80f4348ef68043903efa08299480324f4823Michael Graff2820. [func] Handle read access failure of OpenSSL configuration
f9df80f4348ef68043903efa08299480324f4823Michael Graff file more user friendly (PKCS#11 engine patch).
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define.
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2818. [cleanup] rndc could return an incorrect error code
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley when a zone was not found. [RT #20767]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2817. [cleanup] Removed unnecessary isc_task_endexclusive() calls.
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff2816. [bug] previous_closest_nsec() could fail to return
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington data for NSEC3 nodes [RT #29730]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2815. [bug] Exclusively lock the task when freezing a zone.
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley2814. [func] Provide a definitive error message when a master
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington zone is not loaded. [RT #20757]
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff2813. [bug] Better handling of unreadable DNSSEC key files.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2812. [bug] Make sure updates can't result in a zone with
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington NSEC-only keys and NSEC3 records. [RT 20748]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington output. [RT #20733]
24694ab18a48bcc9c50304bd8b7eb6b9c7650129Brian Wellington2810. [doc] Clarified the process of transitioning an NSEC3 zone
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington to insecure. [RT #20746]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington2809. [cleanup] Restored accidentally-deleted text in usage output
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington in dnssec-settime and dnssec-revoke [RT #20739]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2808. [bug] Remove the attempt to install atomic.h from lib/isc.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington atomic.h is correctly installed by the architecture
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington specific subdirectories. [RT #20722]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2807. [bug] Fixed a possible ASSERT when reconfiguring zone
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley keys. [RT #20720]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley --- 9.7.0rc1 released ---
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2806. [bug] "rdnc sign" could delay re-signing the DNSKEY
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley when it had changed. [RT #20703]
996028142c5f95492fcd42e69186b95641320c7bBob Halley2805. [bug] Fixed namespace problems encountered when building
996028142c5f95492fcd42e69186b95641320c7bBob Halley external programs using non-exported BIND9 libraries
24694ab18a48bcc9c50304bd8b7eb6b9c7650129Brian Wellington (i.e., built without --enable-exportlib). [RT #20679]
f7fbd68b1cd96c733140fce938a61faf8b459b6fBrian Wellington2804. [bug] Send notifies when a zone is signed with "rndc sign"
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson or as a result of a scheduled key change. [RT #20700]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2803. [port] win32: Install named-journalprint, nsec3hash, arpaname
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley and genrandom under windows. [RT #20670]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2802. [cleanup] Rename journalprint to named-journalprint. [RT #20670]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2801. [func] Detect and report records that are different according
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley to DNSSEC but are sematically equal according to plain
f9df80f4348ef68043903efa08299480324f4823Michael Graff DNS. Apply plain DNS comparisons rather than DNSSEC
f9df80f4348ef68043903efa08299480324f4823Michael Graff comparisons when processing UPDATE requests.
f9df80f4348ef68043903efa08299480324f4823Michael Graff dnssec-signzone now removes such semantically duplicate
f9df80f4348ef68043903efa08299480324f4823Michael Graff records prior to signing the RRset.
f9df80f4348ef68043903efa08299480324f4823Michael Graff named-checkzone -r {ignore|warn|fail} (default warn)
f9df80f4348ef68043903efa08299480324f4823Michael Graff named-compilezone -r {ignore|warn|fail} (default warn)
f9df80f4348ef68043903efa08299480324f4823Michael Graff named.conf: check-dup-records {ignore|warn|fail};
f9df80f4348ef68043903efa08299480324f4823Michael Graff2800. [func] Reject zones which have NS records which refer to
f9df80f4348ef68043903efa08299480324f4823Michael Graff CNAMEs, DNAMEs or don't have address record (class IN
f9df80f4348ef68043903efa08299480324f4823Michael Graff only). Reject UPDATEs which would cause the zone
f9df80f4348ef68043903efa08299480324f4823Michael Graff to fail the above checks if committed. [RT #20678]
f2762b0d99a9f1cc43f57f713aa632f6abe37892Michael Graff2799. [cleanup] Changed the "secure-to-insecure" option to
f9df80f4348ef68043903efa08299480324f4823Michael Graff "dnssec-secure-to-insecure", and "dnskey-ksk-only"
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2798. [bug] Addressed bugs in managed-keys initialization
d2762d6c3797b1ce43965404d03b410f215932e0Michael Graff and rollover. [RT #20683]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2797. [bug] Don't decrement the dispatch manager's maxbuffers.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2796. [bug] Missing dns_rdataset_disassociate() call in
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley dns_nsec3_delnsec3sx(). [RT #20681]
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley2795. [cleanup] Add text to differentiate "update with no effect"
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley log messages. [RT #18889]
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley2794. [bug] Install <isc/namespace.h>. [RT #20677]
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley2793. [func] Add "autosign" and "metadata" tests to the
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley automatic tests. [RT #19946]
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley2792. [func] "filter-aaaa-on-v4" can now be set in view
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley options (if compiled in). [RT #20635]
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley2791. [bug] The installation of isc-config.sh was broken.
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley2790. [bug] Handle DS queries to stub zones. [RT #20440]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2788. [bug] dnssec-signzone could sign with keys that were
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington not requested [RT #20625]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2787. [bug] Spurious log message when zone keys were
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington dynamically reconfigured. [RT #20659]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2786. [bug] Additional could be promoted to answer. [RT #20663]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington --- 9.7.0b3 released ---
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2785. [bug] Revoked keys could fail to self-sign [RT #20652]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2784. [bug] TC was not always being set when required glue was
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington dropped. [RT #20655]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington buffer size of 512 or less. [RT #20654]
d1cbf714097e900ed1703529584d3e1a50e8a4a8Brian Wellington2782. [port] win32: use getaddrinfo() for hostname lookups.
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2781. [bug] Inactive keys could be used for signing. [RT #20649]
22057930cd2a71e1073781b650c7296739c869a6Brian Wellington2780. [bug] dnssec-keygen -A none didn't properly unset the
22057930cd2a71e1073781b650c7296739c869a6Brian Wellington activation date in all cases. [RT #20648]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2779. [bug] Dynamic key revokation could fail. [RT #20644]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2778. [bug] dnssec-signzone could fail when a key was revoked
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington without deleting the unrevoked version. [RT #20638]
d1cbf714097e900ed1703529584d3e1a50e8a4a8Brian Wellington2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
d1cbf714097e900ed1703529584d3e1a50e8a4a8Brian Wellington2776. [bug] Change #2762 was not correct. [RT #20647]
d1cbf714097e900ed1703529584d3e1a50e8a4a8Brian Wellington2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington in dnssec-keyfromlabel. [RT #20643]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2774. [bug] Existing cache DB wasn't being reused after
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington reconfiguration. [RT #20629]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2773. [bug] In autosigned zones, the SOA could be signed
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley with the KSK. [RT #20628]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2772. [security] When validating, track whether pending data was from
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley the additional section or not and only return it if
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence validates as secure. [RT #20438]
4556681e191b7c1654639895ce719d98f2822ee2Michael Graff2771. [bug] dnssec-signzone: DNSKEY records could be
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley corrupted when importing from key files [RT #20624]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2770. [cleanup] Add log messages to resolver.c to indicate events
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley causing FORMERR responses. [RT #20526]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2769. [cleanup] Change #2742 was incomplete. [RT #19589]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2767. [bug] named could crash on startup if a zone was
f9df80f4348ef68043903efa08299480324f4823Michael Graff configured with auto-dnssec and there was no
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff key-directory. [RT #20615]
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff2766. [bug] isc_socket_fdwatchpoke() should only update the
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff socketmgr state if the socket is not pending on a
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff read or write. [RT #20603]
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff2765. [bug] Skip masters for which the TSIG key cannot be found.
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591]
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff2762. [bug] DLV validation failed with a local slave DLV zone.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2761. [cleanup] Enable internal symbol table for backtrace only for
f9df80f4348ef68043903efa08299480324f4823Michael Graff systems that are known to work. Currently, BSD
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff variants, Linux and Solaris are supported. [RT# 20202]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2759. [doc] Add information about .jbk/.jnw files to
f9df80f4348ef68043903efa08299480324f4823Michael Graff the ARM. [RT #20303]
4556681e191b7c1654639895ce719d98f2822ee2Michael Graff2758. [bug] win32: Added a workaround for a windows 2008 bug
f9df80f4348ef68043903efa08299480324f4823Michael Graff that could cause the UDP client handler to shut
f9df80f4348ef68043903efa08299480324f4823Michael Graff down. [RT #19176]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2757. [bug] dig: assertion failure could occur in connect
f9df80f4348ef68043903efa08299480324f4823Michael Graff timeout. [RT #20599]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2755. [placeholder]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2754. [bug] Secure-to-insecure transitions failed when zone
f9df80f4348ef68043903efa08299480324f4823Michael Graff was signed with NSEC3. [RT #20587]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2753. [bug] Removed an unnecessary warning that could appear when
f9df80f4348ef68043903efa08299480324f4823Michael Graff building an NSEC chain. [RT #20589]
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff2752. [bug] Locking violation. [RT #20587]
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff2750. [bug] dig: assertion failure could occur when a server
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff didn't have an address. [RT #20579]
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff2749. [bug] ixfr-from-differences generated a non-minimal ixfr
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff for NSEC3 signed zones. [RT #20452]
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff2748. [func] Identify bad answers from GTLD servers and treat them
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff as referrals. [RT #18884]
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff2747. [bug] Journal roll forwards failed to set the re-signing
f9df80f4348ef68043903efa08299480324f4823Michael Graff time of RRSIGs correctly. [RT #20541]
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff2746. [port] hpux: address signed/unsigned expansion mismatch of
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington2745. [bug] configure script didn't probe the return type of
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington gai_strerror(3) correctly. [RT #20573]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington2744. [func] Log if a query was over TCP. [RT #19961]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington for a insecure delegation.
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington --- 9.7.0b2 released ---
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington2742. [cleanup] Clarify some DNSSEC-related log messages in
5c688a008a28f215cd772377774e6a1ed07d0525Brian Wellington2741. [func] Allow the dnssec-keygen progress messages to be
5c688a008a28f215cd772377774e6a1ed07d0525Brian Wellington suppressed (dnssec-keygen -q). Automatically
5c688a008a28f215cd772377774e6a1ed07d0525Brian Wellington suppress the progress messages when stdin is not
5c688a008a28f215cd772377774e6a1ed07d0525Brian Wellington a tty. [RT #20474]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2740. [placeholder]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2739. [cleanup] Clean up API for initializing and clearing trust
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff anchors for a view. [RT #20211]
069104dd6a1bba610d0c3a413459accf73f3921bBrian Wellington2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff test. [RT #20453]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2737. [func] UPDATE requests can leak existance information.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2736. [func] Improve the performance of NSEC signed zones with
f9df80f4348ef68043903efa08299480324f4823Michael Graff more than a normal amount of glue below a delegation.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2735. [bug] dnssec-signzone could fail to read keys
f9df80f4348ef68043903efa08299480324f4823Michael Graff that were specified on the command line with
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington full paths, but weren't in the current
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington directory. [RT #20421]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2734. [port] cygwin: arpaname did not compile. [RT #20473]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2733. [cleanup] Clean up coding style in pkcs11-* tools. [RT #20355]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2732. [func] Add optional filter-aaaa-on-v4 option, available
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington if built with './configure --enable-filter-aaaa'.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington Filters out AAAA answers to clients connecting
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington via IPv4. (This is NOT recommended for general
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington use.) [RT #20339]
abaec24086f0cc3d7c0994ca9d2247b40eb6aaedBrian Wellington2731. [func] Additional work on change 2709. The key parser
abaec24086f0cc3d7c0994ca9d2247b40eb6aaedBrian Wellington will now ignore unrecognized fields when the
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington minor version number of the private key format
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington has been increased. It will reject any key with
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington the major version number increased. [RT #20310]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2730. [func] Have dnssec-keygen display a progress indication
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington a la 'openssl genrsa' on standard error. Note
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington when the first '.' is followed by a long stop
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington one has the choice between slow generation vs.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington poor random quality, i.e., '-r /dev/urandom'.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2729. [func] When constructing a CNAME from a DNAME use the DNAME
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington TTL. [RT #20451]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2728. [bug] dnssec-keygen, dnssec-keyfromlabel and
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington dnssec-signzone now warn immediately if asked to
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington write into a nonexistent directory. [RT #20278]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2727. [func] The 'key-directory' option can now specify a relative
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington path. [RT #20154]
abaec24086f0cc3d7c0994ca9d2247b40eb6aaedBrian Wellington2726. [func] Added support for SHA-2 DNSSEC algorithms,
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington RSASHA256 and RSASHA512. [RT #20023]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2725. [doc] Added information about the file "managed-keys.bind"
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley to the ARM. [RT #20235]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2724. [bug] Updates to a existing node in secure zone using NSEC
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff were failing. [RT #20448]
4556681e191b7c1654639895ce719d98f2822ee2Michael Graff2723. [bug] isc_base32_totext(), isc_base32hex_totext(), and
f9df80f4348ef68043903efa08299480324f4823Michael Graff isc_base64_totext(), didn't always mark regions of
f9df80f4348ef68043903efa08299480324f4823Michael Graff memory as fully consumed after conversion. [RT #20445]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2722. [bug] Ensure that the memory associated with the name of
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff a node in a rbt tree is not altered during the life
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff of the node. [RT #20431]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2721. [port] Have dst__entropy_status() prime the random number
f9df80f4348ef68043903efa08299480324f4823Michael Graff generator. [RT #20369]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2720. [bug] RFC 5011 trust anchor updates could trigger an
f9df80f4348ef68043903efa08299480324f4823Michael Graff assert if the DNSKEY record was unsigned. [RT #20406]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2719. [func] Skip trusted/managed keys for unsupported algorithms.
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2718. [bug] The space calculations in opensslrsa_todns() were
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley incorrect. [RT #20394]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2717. [bug] named failed to update the NSEC/NSEC3 record when
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff the last private type record was removed as a result
f9df80f4348ef68043903efa08299480324f4823Michael Graff of completing the signing the zone with a key.
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff --- 9.7.0b1 released ---
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff2715. [bug] Require OpenSSL support to be explicitly disabled.
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2713. [bug] powerpc: atomic operations missing asm("ics") /
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff __isync() calls.
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2712. [func] New 'auto-dnssec' zone option allows zone signing
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff to be fully automated in zones configured for
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff dynamic DNS. 'auto-dnssec allow;' permits a zone
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff to be signed by creating keys for it in the
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff key-directory and using 'rndc sign <zone>'.
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff 'auto-dnssec maintain;' allows that too, plus it
0583bf2d0affe0a90ca2284cc27840b160029ff9Michael Graff also keeps the zone's DNSSEC keys up to date
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff according to their timing metadata. [RT #19943]
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff2711. [port] win32: Add the bin/pkcs11 tools into the full
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff build. [RT #20372]
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff2710. [func] New 'dnssec-signzone -x' flag and 'dnskey-ksk-only'
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff zone option cause a zone to be signed with only KSKs
0583bf2d0affe0a90ca2284cc27840b160029ff9Michael Graff signing the DNSKEY RRset, not ZSKs. This reduces
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff the size of a DNSKEY answer. [RT #20340]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2709. [func] Added some data fields, currently unused, to the
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff private key file format, to allow implementation
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff of explicit key rollover in a future release
f9df80f4348ef68043903efa08299480324f4823Michael Graff without impairing backward or forward compatibility.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2708. [func] Insecure to secure and NSEC3 parameter changes via
f9df80f4348ef68043903efa08299480324f4823Michael Graff update are now fully supported and no longer require
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff defines to enable. We now no longer overload the
f9df80f4348ef68043903efa08299480324f4823Michael Graff NSEC3PARAM flag field, nor the NSEC OPT bit at the
f9df80f4348ef68043903efa08299480324f4823Michael Graff apex. Secure to insecure changes are controlled by
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff by the named.conf option 'secure-to-insecure'.
f9df80f4348ef68043903efa08299480324f4823Michael Graff Warning: If you had previously enabled support by
f9df80f4348ef68043903efa08299480324f4823Michael Graff adding defines at compile time to BIND 9.6 you should
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff ensure that all changes that are in progress have
f9df80f4348ef68043903efa08299480324f4823Michael Graff completed prior to upgrading to BIND 9.7. BIND 9.7
f9df80f4348ef68043903efa08299480324f4823Michael Graff is not backwards compatible.
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2707. [func] dnssec-keyfromlabel no longer require engine name
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff to be specified in the label if there is a default
f9df80f4348ef68043903efa08299480324f4823Michael Graff engine or the -E option has been used. Also, it
f9df80f4348ef68043903efa08299480324f4823Michael Graff now uses default algorithms as dnssec-keygen does
f9df80f4348ef68043903efa08299480324f4823Michael Graff (i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
f9df80f4348ef68043903efa08299480324f4823Michael Graff2706. [bug] Loading a zone with a very large NSEC3 salt could
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff trigger an assert. [RT #20368]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2705. [placeholder]
703dfde61b044a866875f6217cb34acf0ff298acBrian Wellington2704. [bug] Serial of dynamic and stub zones could be inconsistent
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff with their SOA serial. [RT #19387]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2703. [func] Introduce an OpenSSL "engine" argument with -E
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff for all binaries which can take benefit of
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff crypto hardware. [RT #20230]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2702. [func] Update PKCS#11 tools (bin/pkcs11) [RT #20225 & all]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2701. [doc] Correction to ARM: hmac-md5 is no longer the only
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff supported TSIG key algorithm. [RT #18046]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2700. [doc] The match-mapped-addresses option is discouraged.
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2699. [bug] Missing lock in rbtdb.c. [RT #20037]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2698. [placeholder]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
c610d78e6773b57a1ead6db210c29355ba0bda19Brian Wellington S_IFREG are defined after including <isc/stat.h>.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2696. [bug] named failed to successfully process some valid
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence acl constructs. [RT #20308]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2695. [func] DHCP/DDNS - update fdwatch code for use by
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff DHCP. Modify the api to isc_sockfdwatch_t (the
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley callback funciton for isc_socket_fdwatchcreate)
f9df80f4348ef68043903efa08299480324f4823Michael Graff to include information about the direction (read
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff or write) and add isc_socket_fdwatchpoke.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2694. [bug] Reduce default NSEC3 iterations from 100 to 10.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2693. [port] Add some noreturn attributes. [RT #20257]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2692. [port] win32: 32/64 bit cleanups. [RT #20335]
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson2691. [func] dnssec-signzone: retain the existing NSEC or NSEC3
99eba32b06d21623b14161bd6543c91201d9cbafAndreas Gustafsson chain when re-signing a previously-signed zone.
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson Use -u to modify NSEC3 parameters or switch
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson between NSEC and NSEC3. [RT #20304]
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson2689. [bug] Correctly handle snprintf result. [RT #20306]
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson to decide to fetch the destination address. [RT #20305]
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson2687. [bug] Fixed dnssec-signzone -S handling of revoked keys.
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson Also, added warnings when revoking a ZSK, as this is
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson not defined by protocol (but is legal). [RT #19943]
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson2686. [bug] dnssec-signzone should clean the old NSEC chain when
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson signing with NSEC3 and vice versa. [RT #20301]
186817c92c7bd1a65aa562d73415abee2e79922bMichael Graff2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2684. [cleanup] dig: formalize +ad and +cd as synonyms for
e223094b2248afa2697c531f75e6f84855638becMichael Graff +adflag and +cdflag. [RT #19305]
186817c92c7bd1a65aa562d73415abee2e79922bMichael Graff2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
186817c92c7bd1a65aa562d73415abee2e79922bMichael Graff the NSEC3 parameters used to sign the zone change.
e223094b2248afa2697c531f75e6f84855638becMichael Graff2682. [bug] "configure --enable-symtable=all" failed to
e223094b2248afa2697c531f75e6f84855638becMichael Graff build. [RT #20282]
732e0731dec1922747bb3b3147cf2c3d16b22eaaBob Halley2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
e223094b2248afa2697c531f75e6f84855638becMichael Graff decoded. [RT #20269]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2680. [func] Move contrib/pkcs11-keygen to bin/pkcs11. [RT #20067]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2679. [func] dig -k can now accept TSIG keys in named.conf
e223094b2248afa2697c531f75e6f84855638becMichael Graff format. [RT #20031]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2678. [func] Treat DS queries as if "minimal-response yes;"
e223094b2248afa2697c531f75e6f84855638becMichael Graff was set. [RT #20258]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2677. [func] Changes to key metadata behavior:
e223094b2248afa2697c531f75e6f84855638becMichael Graff - Keys without "publish" or "active" dates set will
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff no longer be used for smart signing. However,
e223094b2248afa2697c531f75e6f84855638becMichael Graff those dates will be set to "now" by default when
e223094b2248afa2697c531f75e6f84855638becMichael Graff a key is created; to generate a key but not use
e223094b2248afa2697c531f75e6f84855638becMichael Graff it yet, use dnssec-keygen -G.
e223094b2248afa2697c531f75e6f84855638becMichael Graff - New "inactive" date (dnssec-keygen/settime -I)
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff sets the time when a key is no longer used for
e223094b2248afa2697c531f75e6f84855638becMichael Graff signing but is still published.
e223094b2248afa2697c531f75e6f84855638becMichael Graff - The "unpublished" date (-U) is deprecated in
e223094b2248afa2697c531f75e6f84855638becMichael Graff favor of "deleted" (-D).
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff2676. [bug] --with-export-installdir should have been
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff --with-export-includedir. [RT #20252]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2675. [bug] dnssec-signzone could crash if the key directory
e223094b2248afa2697c531f75e6f84855638becMichael Graff did not exist. [RT #20232]
e223094b2248afa2697c531f75e6f84855638becMichael Graff --- 9.7.0a3 released ---
e223094b2248afa2697c531f75e6f84855638becMichael Graff2674. [bug] "dnssec-lookaside auto;" crashed if named was built
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff without openssl. [RT #20231]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2673. [bug] The managed-keys.bind zone file could fail to
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson load due to a spurious result from sync_keyzone()
e223094b2248afa2697c531f75e6f84855638becMichael Graff2672. [bug] Don't enable searching in 'host' when doing reverse
e223094b2248afa2697c531f75e6f84855638becMichael Graff lookups. [RT #20218]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2671. [bug] Add support for PKCS#11 providers not returning
e223094b2248afa2697c531f75e6f84855638becMichael Graff the public exponent in RSA private keys
e223094b2248afa2697c531f75e6f84855638becMichael Graff (OpenCryptoki for instance) in
e223094b2248afa2697c531f75e6f84855638becMichael Graff dnssec-keyfromlabel. [RT #19294]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2670. [bug] Unexpected connect failures failed to log enough
e223094b2248afa2697c531f75e6f84855638becMichael Graff information to be useful. [RT #20205]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2669. [func] Update PKCS#11 support to support Keyper HSM.
ecb6c5782ea248307e86c4bceac6c371d27576a6David Lawrence Update PKCS#11 patch to be against openssl-0.9.8i.
ecb6c5782ea248307e86c4bceac6c371d27576a6David Lawrence2668. [func] Several improvements to dnssec-* tools, including:
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff - dnssec-keygen and dnssec-settime can now set key
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff metadata fields 0 (to unset a value, use "none")
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff - dnssec-revoke sets the revocation date in
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff addition to the revoke bit
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson - dnssec-settime can now print individual metadata
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff fields instead of always printing all of them,
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff and can print them in unix epoch time format for
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff use by scripts
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff2667. [func] Add support for logging stack backtrace on assertion
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff failure (not available for all platforms). [RT #19780]
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson2666. [func] Added an 'options' argument to dns_name_fromstring()
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson (API change from 9.7.0a2). [RT #20196]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff2665. [func] Clarify syntax for managed-keys {} statement, add
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff ARM documentation about RFC 5011 support. [RT #19874]
9dee95b41cfe1d33d542cc2ec0337d66b28b75abBrian Wellington2664. [bug] create_keydata() and minimal_update() in zone.c
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson didn't properly check return values for some
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff functions. [RT #19956]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff2663. [func] win32: allow named to run as a service using
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff "NT AUTHORITY\LocalService" as the account. [RT #19977]
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson returned a misleading error code when lwresd was
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson down. [RT #20028]
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson creating lwres context. [RT #20029]
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson2660. [func] Add a new set of DNS libraries for non-BIND9
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson applications. See README.libdns. [RT #19369]
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson2659. [doc] Clarify dnssec-keygen doc: key name must match zone
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff name for DNSSEC keys. [RT #19938]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2658. [bug] dnssec-settime and dnssec-revoke didn't process
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff key file paths correctly. [RT #20078]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff2657. [cleanup] Lower "journal file <path> does not exist, creating it"
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff log level to debug 1. [RT #20058]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff2656. [func] win32: add a "tools only" check box to the installer
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff which causes it to only install dig, host, nslookup,
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff nsupdate and relevant DLLs. [RT #19998]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2655. [doc] Document that key-directory does not affect
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington bind.keys, rndc.key or session.key. [RT #20155]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2654. [bug] Improve error reporting on duplicated names for
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington deny-answer-xxx. [RT #20164]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2653. [bug] Treat ENGINE_load_private_key() failures as key
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington not found rather than out of memory. [RT #18033]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2652. [func] Provide more detail about what record is being
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff deleted. [RT #20061]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2651. [bug] Dates could print incorrectly in K*.key files on
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff 64-bit systems. [RT #20076]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2650. [bug] Assertion failure in dnssec-signzone when trying
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff to read keyset-* files. [RT #20075]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2649. [bug] Set the domain for forward only zones. [RT #19944]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2647. [bug] Remove unnecessary SOA updates when a new KSK is
e223094b2248afa2697c531f75e6f84855638becMichael Graff added. [RT #19913]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
e223094b2248afa2697c531f75e6f84855638becMichael Graff which default to 64 bits. [RT #19927]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington --- 9.7.0a2 released ---
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2644. [bug] Change #2628 caused a regression on some systems;
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff named was unable to write the PID file and would
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff fail on startup. [RT #20001]
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff2643. [bug] Stub zones interacted badly with NSEC3 support.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2642. [bug] nsupdate could dump core on solaris when reading
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff improperly formatted key files. [RT #20015]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2641. [bug] Fixed an error in parsing update-policy syntax,
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff added a regression test to check it. [RT #20007]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2640. [security] A specially crafted update packet will cause named
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence to exit. [RT #20000]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff2638. [bug] Install arpaname. [RT #19957]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2636. [func] Simplify zone signing and key maintenance with the
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff dnssec-* tools. Major changes:
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff - all dnssec-* tools now take a -K option to
99eba32b06d21623b14161bd6543c91201d9cbafAndreas Gustafsson specify a directory in which key files will be
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff - DNSSEC can now store metadata indicating when
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff they are scheduled to be published, activated,
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff revoked or removed; these values can be set by
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff dnssec-keygen or overwritten by the new
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff dnssec-settime command
e223094b2248afa2697c531f75e6f84855638becMichael Graff - dnssec-signzone -S (for "smart") option reads key
e223094b2248afa2697c531f75e6f84855638becMichael Graff metadata and uses it to determine automatically
e223094b2248afa2697c531f75e6f84855638becMichael Graff which keys to publish to the zone, use for
e223094b2248afa2697c531f75e6f84855638becMichael Graff signing, revoke, or remove from the zone
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2634. [port] win32: Add support for libxml2, enable
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington statschannel. [RT #19773]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2633. [bug] Handle 15 bit rand() functions. [RT #19783]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2632. [func] util/kit.sh: warn if documentation appears to be out of
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff date. [RT #19922]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2631. [bug] Handle "//", "/./" and "/../" in mkdirpath().
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2630. [func] Improved syntax for DDNS autoconfiguration: use
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence "update-policy local;" to switch on local DDNS in a
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff zone. (The "ddns-autoconf" option has been removed.)
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2629. [port] Check for seteuid()/setegid(), use setresuid()/
e223094b2248afa2697c531f75e6f84855638becMichael Graff setresgid() if not present. [RT #19932]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2628. [port] linux: Allow /var/run/named/named.pid to be opened
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff at startup with reduced capabilities in operation.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2627. [bug] Named aborted if the same key was included in
e223094b2248afa2697c531f75e6f84855638becMichael Graff trusted-keys more than once. [RT #19918]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2626. [bug] Multiple trusted-keys could trigger an assertion
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington failure. [RT #19914]
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff2624. [func] 'named-checkconf -p' will print out the parsed
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff configuration. [RT #18871]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2621. [doc] Made copyright boilterplate consistent. [RT #19833]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2620. [bug] Delay thawing the zone until the reload of it has
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff completed successfully. [RT #19750]
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff2619. [func] Add support for RFC 5011, automatic trust anchor
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff maintenance. The new "managed-keys" statement can
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff be used in place of "trusted-keys" for zones which
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff support this protocol. (Note: this syntax is
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff expected to change prior to 9.7.0 final.) [RT #19248]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2618. [bug] The sdb and sdlz db_interator_seek() methods could
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff loop infinitely. [RT #19847]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2617. [bug] ifconfig.sh failed to emit an error message when
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff run from the wrong location. [RT #19375]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2616. [bug] 'host' used the nameservers from resolv.conf even
8b791b4ee85d7926170438752aae9c76f35a056fMark Andrews when a explicit nameserver was specified. [RT #19852]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2615. [bug] "__attribute__((unused))" was in the wrong place
e223094b2248afa2697c531f75e6f84855638becMichael Graff for ia64 gcc builds. [RT #19854]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff2614. [port] win32: 'named -v' should automatically be executed
e223094b2248afa2697c531f75e6f84855638becMichael Graff in the foreground. [RT #19844]
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff2613. [placeholder]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley --- 9.7.0a1 released ---
e223094b2248afa2697c531f75e6f84855638becMichael Graff2612. [func] Add default values for the arguments to
97f75286ada13a1b06a424607e638bde5ebfb3caAndreas Gustafsson dnssec-keygen. Without arguments, it will now
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff generate a 1024-bit RSASHA1 zone-signing key,
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff or with the -f KSK option, a 2048-bit RSASHA1
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington key-signing key. [RT #19300]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2611. [func] Add -l option to dnssec-dsfromkey to generate
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff DLV records instead of DS records. [RT #19300]
f2762b0d99a9f1cc43f57f713aa632f6abe37892Michael Graff2610. [port] sunos: Change #2363 was not complete. [RT #19796]
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff2609. [func] Simplify the configuration of dynamic zones:
f2762b0d99a9f1cc43f57f713aa632f6abe37892Michael Graff - add ddns-confgen command to generate
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff configuration text for named.conf
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff - add zone option "ddns-autoconf yes;", which
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff causes named to generate a TSIG session key
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff and allow updates to the zone using that key
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff - add '-l' (localhost) option to nsupdate, which
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff causes nsupdate to connect to a locally-running
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff named process using the session key generated
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews2608. [func] Perform post signing verification checks in
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews dnssec-signzone. These can be disabled with -P.
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews The post sign verification test ensures that for each
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews algorithm in use there is at least one non revoked
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews self signed KSK key. That all revoked KSK keys are
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews self signed. That all records in the zone are signed
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews by the algorithm. [RT #19653]
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews2607. [bug] named could incorrectly delete NSEC3 records for
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff empty nodes when processing a update request.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2606. [bug] "delegation-only" was not being accepted in
e223094b2248afa2697c531f75e6f84855638becMichael Graff delegation-only type zones. [RT #19717]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2605. [bug] Accept DS responses from delegation only zones.
e223094b2248afa2697c531f75e6f84855638becMichael Graff2604. [func] Add support for DNS rebinding attack prevention through
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff new options, deny-answer-addresses and
732e0731dec1922747bb3b3147cf2c3d16b22eaaBob Halley deny-answer-aliases. Based on contributed code from
e223094b2248afa2697c531f75e6f84855638becMichael Graff JD Nurmi, Google. [RT #18192]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2603. [port] win32: handle .exe extension of named-checkzone and
e223094b2248afa2697c531f75e6f84855638becMichael Graff named-comilezone argv[0] names under windows.
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2602. [port] win32: fix debugging command line build of libisccfg.
d77d08780908c9dc30de7ffd76ca5407f7bf68f2Brian Wellington2601. [doc] Mention file creation mode mask in the
e223094b2248afa2697c531f75e6f84855638becMichael Graff named manual page.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington2600. [doc] ARM: miscellaneous reformatting for different
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley page widths. [RT #19574]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff2599. [bug] Address rapid memory growth when validation fails.
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley2598. [func] Reserve the -F flag. [RT #19657]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff2597. [bug] Handle a validation failure with a insecure delegation
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff from a NSEC3 signed master/slave zone. [RT #19464]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff long, leading to inefficient memory usage or rejecting
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff newer cache entries in the worst case. [RT #19563]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2594. [func] Have rndc warn if using its default configuration
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence file when the key file also exists. [RT #19424]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2591. [bug] named could die when processing a update in
e223094b2248afa2697c531f75e6f84855638becMichael Graff removed_orphaned_ds(). [RT #19507]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff2590. [func] Report zone/class of "update with no effect".
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff2588. [bug] SO_REUSEADDR could be set unconditionally after failure
e223094b2248afa2697c531f75e6f84855638becMichael Graff of bind(2) call. This should be rare and mostly
e223094b2248afa2697c531f75e6f84855638becMichael Graff harmless, but may cause interference with other
e223094b2248afa2697c531f75e6f84855638becMichael Graff processes that happen to use the same port. [RT #19642]
57cf89b149a6c4a9794c24613f9b765e02a54b2fAndreas Gustafsson2587. [func] Improve logging by reporting serial numbers for
57cf89b149a6c4a9794c24613f9b765e02a54b2fAndreas Gustafsson when zone serial has gone backwards or unchanged.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington or SDB. [RT #19577]
57cf89b149a6c4a9794c24613f9b765e02a54b2fAndreas Gustafsson2585. [bug] Uninitialized socket name could be referenced via a
57cf89b149a6c4a9794c24613f9b765e02a54b2fAndreas Gustafsson statistics channel, triggering an assertion failure in
57cf89b149a6c4a9794c24613f9b765e02a54b2fAndreas Gustafsson XML rendering. [RT #19427]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2584. [bug] alpha: gcc optimization could break atomic operations.
e223094b2248afa2697c531f75e6f84855638becMichael Graff2583. [port] netbsd: provide a control to not add the compile
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff date to the version string, -DNO_VERSION_DATE.
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2582. [bug] Don't emit warning log message when we attempt to
0e5d6900bdfcbeef8919e6fb453ca6c44f62ccd8Brian Wellington remove non-existent journal. [RT #19516]
0e5d6900bdfcbeef8919e6fb453ca6c44f62ccd8Brian Wellington2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington Requires MySQL 5.0.19 or later. [RT #19084]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff2580. [bug] UpdateRej statistics counter could be incremented twice
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff for one rejection. [RT #19476]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff2579. [bug] DNSSEC lookaside validation failed to handle unknown
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff algorithms. [RT #19479]
bf555703f27295798de30fa8c04d727410788f66Bob Halley2578. [bug] Changed default sig-signing-type to 65534, because
bf555703f27295798de30fa8c04d727410788f66Bob Halley 65535 turns out to be reserved. [RT #19477]
bf555703f27295798de30fa8c04d727410788f66Bob Halley2577. [doc] Clarified some statistics counters. [RT #19454]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2576. [bug] NSEC record were not being correctly signed when
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington a zone transitions from insecure to secure.
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington Handle such incorrectly signed zones. [RT #19114]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2575. [func] New functions dns_name_fromstring() and
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington dns_name_tostring(), to simplify conversion
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington of a string to a dns_name structure and vice
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley versa. [RT #19451]
bf555703f27295798de30fa8c04d727410788f66Bob Halley2574. [doc] Document nsupdate -g and -o. [RT #19351]
bf555703f27295798de30fa8c04d727410788f66Bob Halley2573. [bug] Replacing a non-CNAME record with a CNAME record in a
bf555703f27295798de30fa8c04d727410788f66Bob Halley single transaction in a signed zone failed. [RT #19397]
bf555703f27295798de30fa8c04d727410788f66Bob Halley2572. [func] Simplify DLV configuration, with a new option
bf555703f27295798de30fa8c04d727410788f66Bob Halley "dnssec-lookaside auto;" This is the equivalent
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington of "dnssec-lookaside . trust-anchor dlv.isc.org;"
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington plus setting a trusted-key for dlv.isc.org.
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff Note: The trusted key is hard-coded into named,
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff but is also stored in (and can be overridden
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff by) $sysconfdir/bind.keys. As the ISC DLV key
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley rolls over it can be kept up to date by replacing
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley the bind.keys file with a key downloaded from
1672aaee14415d8ce643ce401b4a29635dfd8fd6Brian Wellington https://www.isc.org/solutions/dlv. [RT #18685]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2571. [func] Add a new tool "arpaname" which translates IP addresses
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington to the corresponding IN-ADDR.ARPA or IP6.ARPA name.
1672aaee14415d8ce643ce401b4a29635dfd8fd6Brian Wellington2570. [func] Log the destination address the query was sent to.
c0a868943801d6d5c764ee644a515b1a67d587edMichael Graff2569. [func] Move journalprint, nsec3hash, and genrandom
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington "make install" will put them in $sbindir. [RT #19301]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2568. [bug] Report when the write to indicate a otherwise
0e5d6900bdfcbeef8919e6fb453ca6c44f62ccd8Brian Wellington successful start fails. [RT #19360]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2567. [bug] dst__privstruct_writefile() could miss write errors.
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff write_public_key() could miss write errors.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence dnssec-dsfromkey could miss write errors.
e223094b2248afa2697c531f75e6f84855638becMichael Graff2566. [cleanup] Clarify logged message when an insecure DNSSEC
e223094b2248afa2697c531f75e6f84855638becMichael Graff response arrives from a zone thought to be secure:
e223094b2248afa2697c531f75e6f84855638becMichael Graff "insecurity proof failed" instead of "not
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff insecure". [RT #19400]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2565. [func] Add support for HIP record. Includes new functions
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff dns_rdata_hip_first(), dns_rdata_hip_next()
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff and dns_rdata_hip_current(). [RT #19384]
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley2564. [bug] Only take EDNS fallback steps when processing timeouts.
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley2563. [bug] Dig could leak a socket causing it to wait forever
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley to exit. [RT #19359]
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley2562. [doc] ARM: miscellaneous improvements, reorganization,
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff and some new content.
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews2559. [bug] dnssec-dsfromkey could compute bad DS records when
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews reading from a K* files. [RT #19357]
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews2558. [func] Set the ownership of missing directories created
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews for pid-file if -u has been specified on the command
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews line. [RT #19328]
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews2557. [cleanup] PCI compliance:
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews * new libisc log module file
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews * isc_dir_chroot() now also changes the working
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews directory to "/".
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews * additional INSISTs
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews * additional logging when files can't be removed.
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews error checks in the correct order resulting in the
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews wrong error code sometimes being returned. [RT #19249]
ecb6c5782ea248307e86c4bceac6c371d27576a6David Lawrence2555. [func] dig: when emitting a hex dump also display the
ecb6c5782ea248307e86c4bceac6c371d27576a6David Lawrence corresponding characters. [RT #19258]
99eba32b06d21623b14161bd6543c91201d9cbafAndreas Gustafsson2554. [bug] Validation of uppercase queries from NSEC3 zones could
99eba32b06d21623b14161bd6543c91201d9cbafAndreas Gustafsson fail. [RT #19297]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews2552. [bug] zero-no-soa-ttl-cache was not being honoured.
c637772ac34b4abb76a250eca89930e6f2bc2ce9Brian Wellington2551. [bug] Potential Reference leak on return. [RT #19341]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2549. [port] linux: define NR_OPEN if not currently defined.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2548. [bug] Install iterated_hash.h. [RT #19335]
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley2547. [bug] openssl_link.c:mem_realloc() could reference an
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley out-of-range area of the source buffer. New public
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley function isc_mem_reallocate() was introduced to address
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff this bug. [RT #19313]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff2546. [func] Add --enable-openssl-hash configure flag to use
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff OpenSSL (in place of internal routine) for hash
bf555703f27295798de30fa8c04d727410788f66Bob Halley functions (MD5, SHA[12] and HMAC). [RT #18815]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2545. [doc] ARM: Legal hostname checking (check-names) is
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington for SRV RDATA too. [RT #19304]
c637772ac34b4abb76a250eca89930e6f2bc2ce9Brian Wellington2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff2542. [doc] Update the description of dig +adflag. [RT #19290]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff2541. [bug] Conditionally update dispatch manager statistics.
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff2540. [func] Add a nibble mode to $GENERATE. [RT #18872]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff2539. [security] Update the interaction between recursion, allow-query,
99eba32b06d21623b14161bd6543c91201d9cbafAndreas Gustafsson allow-query-cache and allow-recursion. [RT #19198]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff2538. [bug] cache/ADB memory could grow over max-cache-size,
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff especially with threads and smaller max-cache-size
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff values. [RT #19240]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2537. [func] Added more statistics counters including those on socket
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff I/O events and query RTT histograms. [RT #18802]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff2536. [cleanup] Silence some warnings when -Werror=format-security is
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff specified. [RT #19083]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2534. [func] Check NAPTR records regular expressions and
e223094b2248afa2697c531f75e6f84855638becMichael Graff replacement strings to ensure they are syntactically
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff valid and consistant. [RT #18168]
bf555703f27295798de30fa8c04d727410788f66Bob Halley2533. [doc] ARM: document @ (at-sign). [RT #17144]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2532. [bug] dig: check the question section of the response to
186817c92c7bd1a65aa562d73415abee2e79922bMichael Graff see if it matches the asked question. [RT #18495]
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff2531. [bug] Change #2207 was incomplete. [RT #19098]
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff2530. [bug] named failed to reject insecure to secure transitions
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff via UPDATE. [RT #19101]
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff2529. [cleanup] Upgrade libtool to silence complaints from recent
7ec579cd5d07228c0d6cece58b80694ad8d59de9Michael Graff version of autoconf. [RT #18657]
186817c92c7bd1a65aa562d73415abee2e79922bMichael Graff2528. [cleanup] Silence spurious configure warning about
186817c92c7bd1a65aa562d73415abee2e79922bMichael Graff --datarootdir [RT #19096]
186817c92c7bd1a65aa562d73415abee2e79922bMichael Graff2527. [placeholder]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2526. [func] New named option "attach-cache" that allows multiple
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff views to share a single cache to save memory and
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff improve lookup efficiency. Based on contributed code
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff from Barclay Osborn, Google. [RT #18905]
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff2525. [func] New logging category "query-errors" to provide detailed
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff internal information about query failures, especially
2f6040ed6717dd47da8afb20da053ce408f702a8Bob Halley about server failures. [RT #19027]
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff2523. [bug] Random type rdata freed by dns_nsec_typepresent().
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2521. [bug] Improve epoll cross compilation support. [RT #19047]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff2520. [bug] Update xml statistics version number to 2.0 as change
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff #2388 made the schema incompatible to the previous
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff version. [RT #19080]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff2519. [bug] dig/host with -4 or -6 didn't work if more than two
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff nameserver addresses of the excluded address family
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff preceded in resolv.conf. [RT #19081]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2518. [func] Add support for the new CERT types from RFC 4398.
e223094b2248afa2697c531f75e6f84855638becMichael Graff2517. [bug] dig +trace with -4 or -6 failed when it chose a
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff nameserver address of the excluded address type.
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff2516. [bug] glue sort for responses was performed even when not
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff needed. [RT #19039]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley a nameserver of the excluded address family.
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff2513. [bug] Fix windows cli build. [RT #19062]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2512. [func] Print a summary of the cached records which make up
7ab5937e0b0d5d83e6f4eb1e50a4b041fb68df48Bob Halley the negative response. [RT #18885]
7ab5937e0b0d5d83e6f4eb1e50a4b041fb68df48Bob Halley2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
7ab5937e0b0d5d83e6f4eb1e50a4b041fb68df48Bob Halley2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
59602a44858a55fce25565491d4fec6d2cdcca19Michael Graff2509. [bug] Specifying a fixed query source port was broken.
59602a44858a55fce25565491d4fec6d2cdcca19Michael Graff2508. [placeholder]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff2507. [func] Log the recursion quota values when killing the
d49555e76c5d02943fdd6606113aebf2317390d5Michael Graff oldest query or refusing to recurse due to quota.
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff2506. [port] solaris: Check at configure time if
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff hack_shutup_pthreadonceinit is needed. [RT #19037]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff2505. [port] Treat amd64 similarly to x86_64 when determining
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff atomic operation support. [RT #19031]
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff2504. [bug] Address race condition in the socket code. [RT #18899]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2503. [port] linux: improve compatibility with Linux Standard
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff Base. [RT #18793]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2502. [cleanup] isc_radix: Improve compliance with coding style,
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley document function in <isc/radix.h>. [RT #18534]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff2501. [func] $GENERATE now supports all rdata types. Multi-field
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff rdata types need to be quoted. See the ARM for
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley details. [RT #18368]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
7153a32ae99388656620b200e6f4ba6e170a208cMichael Graff function. [RT #18582]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington --- 9.6.0rc1 released ---
c637772ac34b4abb76a250eca89930e6f2bc2ce9Brian Wellington2498. [bug] Removed a bogus function argument used with
c637772ac34b4abb76a250eca89930e6f2bc2ce9Brian Wellington ISC_SOCKET_USE_POLLWATCH: it could cause compiler
c637772ac34b4abb76a250eca89930e6f2bc2ce9Brian Wellington warning or crash named with the debug 1 level
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington of logging. [RT #18917]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2496. [bug] Add sanity length checks to NSID option. [RT #18813]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2495. [bug] Tighten RRSIG checks. [RT #18795]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington installed. [RT #18826]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2493. [bug] The linux capabilities code was not correctly cleaning
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington up after itself. [RT #18767]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff2492. [func] Rndc status now reports the number of cpus discovered
e223094b2248afa2697c531f75e6f84855638becMichael Graff and the number of worker threads when running
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence multi-threaded. [RT #18273]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2491. [func] Attempt to re-use a local port if we are already using
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff the port. [RT #18548]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff is cleared when IPV6_V6ONLY is set. [RT #18785]
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff2489. [port] solaris: Workaround Solaris's kernel bug about
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
fb12d257efa7dad8ab467d51cb7e5081f4f22b34Michael Graff Define ISC_SOCKET_USE_POLLWATCH at build time to enable
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff this workaround. [RT #18870]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
d347e7af94d77a83244cb592291ac0cc4edc4b62Andreas Gustafsson from keyset and .key files. [RT #18694]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2487. [bug] Give TCP connections longer to complete. [RT #18675]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2486. [func] The default locations for named.pid and lwresd.pid
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington This allows the owner of the containing directory
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington to be set, for "named -u" support, and allows there
f9df80f4348ef68043903efa08299480324f4823Michael Graff to be a permanent symbolic link in the path, for
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley "named -t" support. [RT #18306]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff2485. [bug] Change update's the handling of obscured RRSIG
f9df80f4348ef68043903efa08299480324f4823Michael Graff records. Not all orphaned DS records were being
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington removed. [RT #18828]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2484. [bug] It was possible to trigger a REQUIRE failure when
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington adding NSEC3 proofs to the response in
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington query_addwildcardproof(). [RT #18828]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2483. [port] win32: chroot() is not supported. [RT #18805]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2482. [port] libxml2: support versions 2.7.* in addition
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff to 2.6.*. [RT #18806]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff --- 9.6.0b1 released ---
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff collisions. [RT #18812]
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff2480. [bug] named could fail to emit all the required NSEC3
b02262cbcd550c63f85df76edc6fff556ea5e95dMichael Graff records. [RT #18812]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
e223094b2248afa2697c531f75e6f84855638becMichael Graff2478. [bug] 'addresses' could be used uninitialized in
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff configure_forward(). [RT #18800]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2477. [bug] dig: the global option to print the command line is
d49555e76c5d02943fdd6606113aebf2317390d5Michael Graff +cmd not print_cmd. Update the output to reflect
d49555e76c5d02943fdd6606113aebf2317390d5Michael Graff this. [RT #17008]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2476. [doc] ARM: improve documentation for max-journal-size and
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff ixfr-from-differences. [RT #15909] [RT #18541]
d49555e76c5d02943fdd6606113aebf2317390d5Michael Graff2475. [bug] LRU cache cleanup under overmem condition could purge
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington particular entries more aggressively. [RT #17628]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2474. [bug] ACL structures could be allocated with insufficient
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington space, causing an array overrun. [RT #18765]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2473. [port] linux: raise the limit on open files to the possible
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff maximum value before spawning threads; 'files'
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley specified in named.conf doesn't seem to work with
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff threads as expected. [RT #18784]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2472. [port] linux: check the number of available cpu's before
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington calling chroot as it depends on "/proc". [RT #16923]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2471. [bug] named-checkzone was not reporting missing mandatory
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff glue when sibling checks were disabled. [RT #18768]
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff2470. [bug] Elements of the isc_radix_node_t could be incorrectly
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington overwritten. [RT# 18719]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2469. [port] solaris: Work around Solaris's select() limitations.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2468. [bug] Resolver could try unreachable servers multiple times.
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2465. [bug] Adb's handling of lame addresses was different
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff for IPv4 and IPv6. [RT #18738]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2464. [port] linux: check that a capability is present before
7d823f705d9d3a8cb4d43fcf11249515e2845364Andreas Gustafsson trying to set it. [RT #18135]
7d823f705d9d3a8cb4d43fcf11249515e2845364Andreas Gustafsson2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
7d823f705d9d3a8cb4d43fcf11249515e2845364Andreas Gustafsson API and glibc hides parts of the IPv6 Advanced Socket
7d823f705d9d3a8cb4d43fcf11249515e2845364Andreas Gustafsson API as a result. This is stupid as it breaks how the
7d823f705d9d3a8cb4d43fcf11249515e2845364Andreas Gustafsson two halves (Basic and Advanced) of the IPv6 Socket API
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington were designed to be used but we have to live with it.
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington API. [RT #18388]
7d823f705d9d3a8cb4d43fcf11249515e2845364Andreas Gustafsson2462. [doc] Document -m (enable memory usage debugging)
7d823f705d9d3a8cb4d43fcf11249515e2845364Andreas Gustafsson option for dig. [RT #18757]
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews2461. [port] sunos: Change #2363 was not complete. [RT #17513]
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews --- 9.6.0a1 released ---
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews2458. [doc] ARM: update and correction for max-cache-size.
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews2457. [tuning] max-cache-size is reverted to 0, the previous
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff default. It should be safe because expired cache
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington entries are also purged. [RT #18684]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
f9df80f4348ef68043903efa08299480324f4823Michael Graff address, regardless of family. They now correctly
f9df80f4348ef68043903efa08299480324f4823Michael Graff distinguish IPv4 from IPv6. [RT #18559]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2455. [bug] Stop metadata being transferred via axfr/ixfr.
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2453. [bug] Remove NULL pointer dereference in dns_journal_print().
f9df80f4348ef68043903efa08299480324f4823Michael Graff2452. [func] Improve bin/test/journalprint. [RT #18316]
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff2451. [port] solaris: handle runtime linking better. [RT #18356]
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff2450. [doc] Fix lwresd docbook problem for manual page.
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff2449. [placeholder]
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff2448. [func] Add NSEC3 support. [RT #15452]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff2447. [cleanup] libbind has been split out as a separate product.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2446. [func] Add a new log message about build options on startup.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington A new command-line option '-V' for named is also
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington provided to show this information. [RT# 18645]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2445. [doc] ARM out-of-date on empty reverse zones (list includes
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff RFC1918 address, but these are not yet compiled in).
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff (clear DF) for UDP responses and requests.
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff2443. [bug] win32: UDP connect() would not generate an event,
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff and so connected UDP sockets would never clean up.
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff Fix this by doing an immediate WSAConnect() rather
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff than an io completion port type for UDP.
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff2442. [bug] A lock could be destroyed twice. [RT# 18626]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2441. [bug] isc_radix_insert() could copy radix tree nodes
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence incompletely. [RT #18573]
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff2440. [bug] named-checkconf used an incorrect test to determine
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley if an ACL was set to none.
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2438. [bug] Timeouts could be logged incorrectly under win32.
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff2437. [bug] Sockets could be closed too early, leading to
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff inconsistent states in the socket module. [RT #18298]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff2435. [bug] Fixed an ACL memory leak affecting win32.
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff2434. [bug] Fixed a minor error-reporting bug in
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff2433. [tuning] Set initial timeout to 800ms.
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff2432. [bug] More Windows socket handling improvements. Stop
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff using I/O events and use IO Completion Ports
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff throughout. Rewrite the receive path logic to make
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff it easier to support multiple simultaneous
f9df80f4348ef68043903efa08299480324f4823Michael Graff requesters in the future. Add stricter consistency
f9df80f4348ef68043903efa08299480324f4823Michael Graff checking as a compile-time option (define
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2431. [bug] Acl processing could leak memory. [RT #18323]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2430. [bug] win32: isc_interval_set() could round down to
f9df80f4348ef68043903efa08299480324f4823Michael Graff zero if the input was less than NS_INTERVAL
f9df80f4348ef68043903efa08299480324f4823Michael Graff nanoseconds. Round up instead. [RT #18549]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2429. [doc] nsupdate should be in section 1 of the man pages.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2428. [bug] dns_iptable_merge() mishandled merges of negative
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley tables. [RT #18409]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington was set. [RT #18528]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2426. [bug] libbind: inet_net_pton() can sometimes return the
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington wrong value if excessively large net masks are
f9df80f4348ef68043903efa08299480324f4823Michael Graff supplied. [RT #18512]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2425. [bug] named didn't detect unavailable query source addresses
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff at load time. [RT #18536]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2424. [port] configure now probes for a working epoll
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff implementation. Allow the use of kqueue,
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence epoll and /dev/poll to be selected at compile
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff time. [RT #18277]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2423. [security] Randomize server selection on queries, so as to
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff make forgery a little more difficult. Instead of
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff always preferring the server with the lowest RTT,
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff pick a server with RTT within the same 128
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff millisecond band. [RT #18441]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2422. [bug] Handle the special return value of a empty node as
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff if it was a NXRRSET in the validator. [RT #18447]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2421. [func] Add new command line option '-S' for named to specify
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff the max number of sockets. [RT #18493]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff Use caution: this option may not work for some
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff operating systems without rebuilding named.
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2420. [bug] Windows socket handling cleanup. Let the io
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff completion event send out canceled read/write
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff done events, which keeps us from writing to memory
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff we no longer have ownership of. Add debugging
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff socket_log() function. Rework TCP socket handling
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff to not leak sockets.
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff should not be used for isc_sockettype_fdwatch sockets.
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2417. [bug] Connecting UDP sockets for outgoing queries could
f9df80f4348ef68043903efa08299480324f4823Michael Graff unexpectedly fail with an 'address already in use'
a920f559c3689f52731519a9d5169ad5814866edMichael Graff error. [RT #18411]
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff2416. [func] Log file descriptors that cause exceeding the
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff internal maximum. [RT #18460]
d49555e76c5d02943fdd6606113aebf2317390d5Michael Graff2415. [bug] 'rndc dumpdb' could trigger various assertion failures
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff in rbtdb.c. [RT #18455]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2414. [bug] A masterdump context held the database lock too long,
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff causing various troubles such as dead lock and
a920f559c3689f52731519a9d5169ad5814866edMichael Graff recursive lock acquisition. [RT #18311, #18456]
a920f559c3689f52731519a9d5169ad5814866edMichael Graff2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2412. [bug] win32: address a resource leak. [RT #18374]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff at compilation time. [RT #18433]
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff Note: with changes #2469 and #2421 above, there is no
bfbf3f2d770dc093ac5c74d5fd716ac9521e8715Michael Graff need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
bfbf3f2d770dc093ac5c74d5fd716ac9521e8715Michael Graff2410. [bug] Correctly delete m_versionInfo. [RT #18432]
823e45c1273512a8048cd5e7e57f31f58c964f7fMichael Graff2409. [bug] Only log that we disabled EDNS processing if we were
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff subsequently successful. [RT #18029]
b6e9d91ff0621aec03cbc51421408074a0291b1eBrian Wellington2408. [bug] A duplicate TCP dispatch event could be sent, which
b6e9d91ff0621aec03cbc51421408074a0291b1eBrian Wellington could then trigger an assertion failure in
b6e9d91ff0621aec03cbc51421408074a0291b1eBrian Wellington resquery_response(). [RT #18275]
b6e9d91ff0621aec03cbc51421408074a0291b1eBrian Wellington2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2406. [placeholder]
823e45c1273512a8048cd5e7e57f31f58c964f7fMichael Graff2405. [cleanup] The default value for dnssec-validation was changed to
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff "yes" in 9.5.0-P1 and all subsequent releases; this
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff was inadvertently omitted from CHANGES at the time.
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2404. [port] hpux: files unlimited support.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2403. [bug] TSIG context leak. [RT #18341]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2402. [port] Support Solaris 2.11 and over. [RT #18362]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2401. [bug] Expect to get E[MN]FILE errno internal_accept()
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff (from accept() or fcntl() system calls). [RT #18358]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2399. [placeholder]
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson2398. [bug] Improve file descriptor management. New,
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson temporary, named.conf option reserved-sockets,
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson default 512. [RT #18344]
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson2397. [bug] gssapi_functions had too many elements. [RT #18355]
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson2396. [bug] Don't set SO_REUSEADDR for randomized ports.
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2395. [port] Avoid warning and no effect from "files unlimited"
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff on Linux when running as root. [RT #18335]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2394. [bug] Default configuration options set the limit for
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff open files to 'unlimited' as described in the
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff documentation. [RT #18331]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2393. [bug] nested acls containing keys could trigger an
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence assertion in acl.c. [RT #18166]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2392. [bug] remove 'grep -q' from acl test script, some platforms
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence don't support it. [RT #18253]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2391. [port] hpux: cover additional recvmsg() error codes.
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2390. [bug] dispatch.c could make a false warning on 'odd socket'.
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2389. [bug] Move the "working directory writable" check to after
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff the ns_os_changeuser() call. [RT #18326]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2388. [bug] Avoid using tables for layout purposes in
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff statistics XSL [RT #18159].
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2387. [bug] Silence compiler warnings in lib/isc/radix.c.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence [RT #18147] [RT #18258]
0fd13c7aca8533fbc86e4c7aa326cc828844b9b5Andreas Gustafsson2386. [func] Add warning about too small 'open files' limit.
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2385. [bug] A condition variable in socket.c could leak in
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff rare error handling [RT #17968].
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2384. [security] Fully randomize UDP query ports to improve
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff forgery resilience. [RT #17949, #18098]
733b16eb0be2e15fa70db85291b386a3bef1d77cMichael Graff2383. [bug] named could double queries when they resulted in
d070219e016b292a49f6f8ccd8975bcc18e46e40Michael Graff SERVFAIL due to overkilling EDNS0 failure detection.
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
bfbf3f2d770dc093ac5c74d5fd716ac9521e8715Michael Graff2381. [port] dlz/mysql: support multiple install layouts for
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff mysql. <prefix>/include/{,mysql/}mysql.h and
823e45c1273512a8048cd5e7e57f31f58c964f7fMichael Graff <prefix>/lib/{,mysql/}. [RT #18152]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
f9df80f4348ef68043903efa08299480324f4823Michael Graff proofs which, in turn, caused validation failures
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington for insecure zones immediately below a secure zone
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence the server was authoritative for. [RT #18112]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff TLDs and supported RRs with TTLs [RT #17972]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington2376. [bug] Change #2144 was not complete.
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff2375. [placeholder]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2374. [bug] "blackhole" ACLs could cause named to segfault due
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff to some uninitialized memory. [RT #18095]
c866769e664ba0a6a5e6f9375245f5ccca393009David Lawrence2373. [bug] Default values of zone ACLs were re-parsed each time a
c866769e664ba0a6a5e6f9375245f5ccca393009David Lawrence new zone was configured, causing an overconsumption
c866769e664ba0a6a5e6f9375245f5ccca393009David Lawrence of memory. [RT #18092]
c866769e664ba0a6a5e6f9375245f5ccca393009David Lawrence2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
c866769e664ba0a6a5e6f9375245f5ccca393009David Lawrence2371. [doc] Add +nsid option to dig man page. [RT #18039]
c866769e664ba0a6a5e6f9375245f5ccca393009David Lawrence2370. [bug] "rndc freeze" could trigger an assertion in named
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence when called on a nonexistent zone. [RT #18050]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2369. [bug] libbind: Array bounds overrun on read in bitncmp().
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington2368. [port] Linux: use libcap for capability management if
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington possible. [RT# 18026]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2367. [bug] Improve counting of dns_resstatscounter_retry
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington2366. [bug] Adb shutdown race. [RT #18021]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington2365. [bug] Fix a bug that caused dns_acl_isany() to return
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington spurious results. [RT #18000]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington2364. [bug] named could trigger a assertion when serving a
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley malformed signed zone. [RT #17828]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2362. [cleanup] Make "rrset-order fixed" a compile-time option.
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley settable by "./configure --enable-fixed-rrset".
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley Disabled by default. [RT #17977]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2361. [bug] "recursion" statistics counter could be counted
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley multiple times for a single query. [RT #17990]
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley2360. [bug] Fix a condition where we release a database version
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley (which may acquire a lock) while holding the lock.
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2359. [bug] Fix NSID bug. [RT #17942]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2358. [doc] Update host's default query description. [RT #17934]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2357. [port] Don't use OpenSSL's engine support in versions before
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley OpenSSL 0.9.7f. [RT #17922]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2356. [bug] Built in mutex profiler was not scalable enough.
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2355. [func] Extend the number statistics counters available.
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2354. [bug] Failed to initialize some rdatasetheader_t elements.
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2353. [func] Add support for Name Server ID (RFC 5001).
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington 'dig +nsid' requests NSID from server.
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington 'request-nsid yes;' causes recursive server to send
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington NSID requests to upstream servers. Server responds
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington to NSID requests with the string configured by
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington 'server-id' option. [RT #17091]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2352. [bug] Various GSS_API fixups. [RT #17729]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2350. [port] win32: IPv6 support. [RT #17797]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2349. [func] Provide incremental re-signing support for secure
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington dynamic zones. [RT #1091]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support.
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington Documentation is in the new README.pkcs11 file.
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington New tool, dnssec-keyfromlabel, which takes the
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington label of a key pair in a HSM and constructs a DNS
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington key pair for use by named and dnssec-signzone.
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2347. [bug] Delete now traverses the RB tree in the canonical
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington order. [RT #17451]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2346. [func] Memory statistics now cover all active memory contexts
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington in increased detail. [RT #17580]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2345. [bug] named-checkconf failed to detect when forwarders
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington were set at both the options/view level and in
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington a root zone. [RT #17671]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2344. [bug] Improve "logging{ file ...; };" documentation.
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington2343. [bug] (Seemingly) duplicate IPv6 entries could be
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington created in ADB. [RT #17837]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2342. [func] Use getifaddrs() if available under Linux. [RT #17224]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2341. [bug] libbind: add missing -I../include for off source
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington tree builds. [RT #17606]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2340. [port] openbsd: interface configuration. [RT #17700]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2339. [port] tru64: support for libbind. [RT #17589]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2338. [bug] check_ds() could be called with a non DS rdataset.
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington2336. [func] If "named -6" is specified then listen on all IPv6
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington interfaces if there are not listen-on-v6 clauses in
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2335. [port] sunos: libbind and *printf() support for long long.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence bug in fromstruct_txt(). [RT #17609]
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington2333. [bug] Fix off by one error in isc_time_nowplusinterval().
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff2332. [contrib] query-loc-0.4.0. [RT #17602]
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff2331. [bug] Failure to regenerate any signatures was not being
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff reported nor being past back to the UPDATE client.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2330. [bug] Remove potential race condition when handling
f9df80f4348ef68043903efa08299480324f4823Michael Graff over memory events. [RT #17572]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence WARNING: API CHANGE: over memory callback
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley function now needs to call isc_mem_waterack().
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley See <isc/mem.h> for details.
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley2329. [bug] Clearer help text for dig's '-x' and '-i' options.
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley2327. [bug] It was possible to dereference a NULL pointer in
acb0311b113e3729dd1ac78dd14c51dc2c010393Mark Andrews rbtdb.c. Implement dead node processing in zones as
acb0311b113e3729dd1ac78dd14c51dc2c010393Mark Andrews we do for caches. [RT #17312]
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley2326. [bug] It was possible to trigger a INSIST in the acache
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley2325. [port] Linux: use capset() function if available. [RT #17557]
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley2323. [port] tru64: namespace clash. [RT #17547]
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley2322. [port] MacOS: work around the limitation of setrlimit()
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley for RLIMIT_NOFILE. [RT #17526]
435abcf2e22d777afbdccdc3048d0ad3df65240aBob Halley2321. [placeholder]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2320. [func] Make statistics counters thread-safe for platforms
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence that support certain atomic operations. [RT #17466]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2319. [bug] Silence Coverity warnings in
f9df80f4348ef68043903efa08299480324f4823Michael Graff2318. [port] sunos fixes for libbind. [RT #17514]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2315. [bug] Used incorrect address family for mapped IPv4
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence addresses in acl.c. [RT #17519]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2314. [bug] Uninitialized memory use on error path in
f9df80f4348ef68043903efa08299480324f4823Michael Graff2313. [cleanup] Silence Coverity warnings. Handle private stacks.
f9df80f4348ef68043903efa08299480324f4823Michael Graff [RT #17447] [RT #17478]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2311. [bug] IPv6 addresses could match IPv4 ACL entries and
f9df80f4348ef68043903efa08299480324f4823Michael Graff vice versa. [RT #17462]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2310. [bug] dig, host, nslookup: flush stdout before emitting
f9df80f4348ef68043903efa08299480324f4823Michael Graff debug/fatal messages. [RT #17501]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2306. [bug] Remove potential race from lib/dns/resolver.c.
732e0731dec1922747bb3b3147cf2c3d16b22eaaBob Halley2305. [security] inet_network() buffer overflow. CVE-2008-0122.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2304. [bug] Check returns from all dns_rdata_tostruct() calls.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2301. [bug] Remove resource leak and fix error messages in
f9df80f4348ef68043903efa08299480324f4823Michael Graff2300. [bug] Fixed failure to close open file in
f9df80f4348ef68043903efa08299480324f4823Michael Graff2299. [bug] Remove unnecessary NULL check in
f9df80f4348ef68043903efa08299480324f4823Michael Graff2298. [bug] isc_mutex_lock() failure not caught in
f9df80f4348ef68043903efa08299480324f4823Michael Graff2297. [bug] isc_entropy_createfilesource() failure not caught in
99eba32b06d21623b14161bd6543c91201d9cbafAndreas Gustafsson2296. [port] Allow docbook stylesheet location to be specified to
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson configure. [RT #17457]
a920f559c3689f52731519a9d5169ad5814866edMichael Graff2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
ded7456a4dc944742c4a98cbf7b055b860b7569cMichael Graff2294. [func] Allow the experimental statistics channels to have
ded7456a4dc944742c4a98cbf7b055b860b7569cMichael Graff multiple connections and ACL.
ded7456a4dc944742c4a98cbf7b055b860b7569cMichael Graff Note: the stats-server and stats-server-v6 options
ded7456a4dc944742c4a98cbf7b055b860b7569cMichael Graff available in the previous beta releases are replaced
ded7456a4dc944742c4a98cbf7b055b860b7569cMichael Graff with the generic statistics-channels statement.
ded7456a4dc944742c4a98cbf7b055b860b7569cMichael Graff2293. [func] Add ACL regression test. [RT #17375]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2292. [bug] Log if the working directory is not writable.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff failure to set PR_SET_DUMPABLE. [RT #17312]
ded7456a4dc944742c4a98cbf7b055b860b7569cMichael Graff2290. [bug] Let AD in the query signal that the client wants AD
f9df80f4348ef68043903efa08299480324f4823Michael Graff set in the response. [RT #17301]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2289. [func] named-checkzone now reports the out-of-zone CNAME
f9df80f4348ef68043903efa08299480324f4823Michael Graff found. [RT #17309]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2288. [port] win32: mark service as running when we have finished
f9df80f4348ef68043903efa08299480324f4823Michael Graff loading. [RT #17441]
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2286. [func] Allow a TCP connection to be used as a weak
f9df80f4348ef68043903efa08299480324f4823Michael Graff authentication method for reverse zones.
f9df80f4348ef68043903efa08299480324f4823Michael Graff New update-policy methods tcp-self and 6to4-self.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2285. [func] Test framework for client memory context management.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2284. [bug] Memory leak in UPDATE prerequisite processing.
f9df80f4348ef68043903efa08299480324f4823Michael Graff2283. [bug] TSIG keys were not attaching to the memory
f9df80f4348ef68043903efa08299480324f4823Michael Graff context. TSIG keys should use the rings
f9df80f4348ef68043903efa08299480324f4823Michael Graff memory context rather than the clients memory
f9df80f4348ef68043903efa08299480324f4823Michael Graff context. [RT #17377]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
f9df80f4348ef68043903efa08299480324f4823Michael Graff2281. [bug] Attempts to use undefined acls were not being logged.
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2280. [func] Allow the experimental http server to be reached
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff over IPv6 as well as IPv4. [RT #17332]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff to protect applications from receiving spurious
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff SIGPIPE signals when using the resolver.
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2278. [bug] win32: handle the case where Windows returns no
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff search list or DNS suffix. [RT #17354]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2277. [bug] Empty zone names were not correctly being caught at
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff in the post parse checks. [RT #17357]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2275. [func] Add support to dig to perform IXFR queries over UDP.
d2762d6c3797b1ce43965404d03b410f215932e0Michael Graff2274. [func] Log zone transfer statistics. [RT #17336]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2273. [bug] Adjust log level to WARNING when saving inconsistent
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff stub/slave master and journal files. [RT# 17279]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2271. [bug] Fix a memory leak in http server code [RT #17100]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2270. [bug] dns_db_closeversion() version->writer could be reset
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff before it is tested. [RT #17290]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff --- 9.5.0b1 released ---
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2267. [bug] Radix tree node_num value could be set incorrectly,
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff causing positive ACL matches to look like negative
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff ones. [RT #17311]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2266. [bug] client.c:get_clientmctx() returned the same mctx
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff once the pool of mctx's was filled. [RT #17218]
499371d17c34a5770af022f4aa15e764e957a803Michael Graff2265. [bug] Test that the memory context's basic_table is non NULL
499371d17c34a5770af022f4aa15e764e957a803Michael Graff before freeing. [RT #17265]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2264. [bug] Server prefix length was being ignored. [RT #17308]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2263. [bug] "named-checkconf -z" failed to set default value
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence for "check-integrity". [RT #17306]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2262. [bug] Error status from all but the last view could be
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff lost. [RT #17292]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2260. [bug] Reported wrong clients-per-query when increasing the
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff value. [RT #17236]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2259. [placeholder]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence --- 9.5.0a7 released ---
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2257. [bug] win32: Use the full path to vcredist_x86.exe when
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff calling it. [RT #17222]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2256. [bug] win32: Correctly register the installation location of
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
f2762b0d99a9f1cc43f57f713aa632f6abe37892Michael Graff2254. [bug] timer.c:dispatch() failed to lock timer->lock
d8f304288d2fb29fccd2da1672d72ea06af73f8dMichael Graff when reading timer->idle allowing it to see
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff intermediate values as timer->idle was reset by
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff isc_timer_touch(). [RT #17243]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2253. [func] "max-cache-size" defaults to 32M.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence "max-acache-size" defaults to 16M.
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2252. [bug] Fixed errors in sortlist code [RT #17216]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2251. [placeholder]
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graff2250. [func] New flag 'memstatistics' to state whether the
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff memory statistics file should be written or not.
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff Additionally named's -m option will cause the
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff statistics file to be written. [RT #17113]
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff2249. [bug] Only set Authentic Data bit if client requested
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff DNSSEC, per RFC 3655 [RT #17175]
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff2247. [doc] Sort doc/misc/options. [RT #17067]
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff2246. [bug] Make the startup of test servers (ans.pl) more
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff robust. [RT #17147]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2245. [bug] Validating lack of DS records at trust anchors wasn't
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff working. [RT #17151]
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff2244. [func] Allow the check of nameserver names against the
5039f2cad30410b47330c14c0d7ce4ca493a8712Michael Graff SOA MNAME field to be disabled by specifying
5039f2cad30410b47330c14c0d7ce4ca493a8712Michael Graff 'notify-to-soa yes;'. [RT #17073]
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff2243. [func] Configuration files without a newline at the end now
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff parse without error. [RT #17120]
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff library could require a source of random data.
4c208bd46f94379b011b57ee7edb84ac9c706704Michael Graff2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley a number of INSIST()s into plain fatal() errors
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley which report the triggering result code.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington The 'key' command wasn't disabling GSS-TSIG.
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2238. [bug] It was possible to trigger a REQUIRE when a
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley validation was canceled. [RT #17106]
271154eafd1111455030abc2997120228be55ef9Mark Andrews2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
a6ebd71eed266a08850b5300c2effb18bdb87c8cBob Halley2236. [bug] dnssec-signzone failed to preserve the case of
a6ebd71eed266a08850b5300c2effb18bdb87c8cBob Halley of wildcard owner names. [RT #17085]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2233. [func] Add support for O(1) ACL processing, based on
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley radix tree code originally written by Kevin
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington Brintnall. [RT #16288]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2232. [bug] dns_adb_findaddrinfo() could fail and return
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley ISC_R_SUCCESS. [RT #17137]
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley2230. [bug] We could INSIST reading a corrupted journal.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2229. [bug] Null pointer dereference on query pool creation
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington failure. [RT #17133]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2228. [contrib] contrib: Change 2188 was incomplete.
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington2227. [cleanup] Tidied up the FAQ. [RT #17121]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2226. [placeholder]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2225. [bug] More support for systems with no IPv4 addresses.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2224. [bug] Defer journal compaction if a xfrin is in progress.
5c688a008a28f215cd772377774e6a1ed07d0525Brian Wellington2223. [bug] Make a new journal when compacting. [RT #17119]
5c688a008a28f215cd772377774e6a1ed07d0525Brian Wellington2222. [func] named-checkconf now checks server key references.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff2221. [bug] Set the event result code to reflect the actual
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley record turned to caller when a cache update is
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley rejected due to a more credible answer existing.
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2220. [bug] win32: Address a race condition in final shutdown of
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley the Windows socket code. [RT #17028]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2219. [bug] Apply zone consistency checks to additions, not
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley removals, when updating. [RT #17049]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2217. [func] Adjust update log levels. [RT #17092]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2216. [cleanup] Fix a number of errors reported by Coverity.
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2214. [bug] Deregister OpenSSL lock callback when cleaning
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley up. Reorder OpenSSL cleanup so that RAND_cleanup()
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley is called before the locks are destroyed. [RT #17098]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2213. [bug] SIG0 diagnostic failure messages were looking at the
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley wrong status code. [RT #17101]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2212. [func] 'host -m' now causes memory statistics and active
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley memory to be printed at exit. [RT 17028]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2211. [func] Update "dynamic update temporarily disabled" message.
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2210. [bug] Deleting class specific records via UPDATE could
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley fail. [RT #17074]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2209. [port] osx: linking against user supplied static OpenSSL
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley libraries failed as the system ones were still being
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley found. [RT #17078]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2208. [port] win32: make sure both build methods produce the
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley same output. [RT #17058]
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley2207. [port] Some implementations of getaddrinfo() fail to set
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley ai_canonname correctly. [RT #17061]
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley --- 9.5.0a6 released ---
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley2206. [security] "allow-query-cache" and "allow-recursion" now
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley cross inherit from each other.
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley If allow-query-cache is not set in named.conf then
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley allow-recursion is used if set, otherwise allow-query
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley is used if set, otherwise the default (localnets;
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley localhost;) is used.
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley If allow-recursion is not set in named.conf then
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley allow-query-cache is used if set, otherwise allow-query
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff is used if set, otherwise the default (localnets;
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley localhost;) is used.
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2204. [bug] "rndc flushanme name unknown-view" caused named
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington to crash. [RT #16984]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2203. [security] Query id generation was cryptographically weak.
7a97b7630fb5e43b64152db587b64b21ff8d5d51Brian Wellington2202. [security] The default acls for allow-query-cache and
7a97b7630fb5e43b64152db587b64b21ff8d5d51Brian Wellington allow-recursion were not being applied. [RT #16960]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2201. [bug] The build failed in a separate object directory.
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington2200. [bug] The search for cached NSEC records was stopping to
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington early leading to excessive DLV queries. [RT #16930]
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington2199. [bug] win32: don't call WSAStartup() while loading dlls.
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington2198. [bug] win32: RegCloseKey() could be called when
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington RegOpenKeyEx() failed. [RT #16911]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2197. [bug] Add INSIST to catch negative responses which are
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington not setting the event result code appropriately.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2196. [port] win32: yield processor while waiting for once to
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington to complete. [RT #16958]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2195. [func] dnssec-keygen now defaults to nametype "ZONE"
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington when generating DNSKEYs. [RT #16954]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2194. [bug] Close journal before calling 'done' in xfrin.c.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington --- 9.5.0a5 released ---
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2193. [port] win32: BINDInstall.exe is now linked statically.
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington2192. [port] win32: use vcredist_x86.exe to install Visual
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington Studio's redistributable dlls if building with
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington Visual Stdio 2005 or later.
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington2191. [func] named-checkzone now allows dumping to stdout (-).
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington named-checkconf now has -h for help.
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington named-checkzone now has -h for help.
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington rndc now has -h for help.
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington Better handling of '-?' for usage summaries.
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington2190. [func] Make fallback to plain DNS from EDNS due to timeouts
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington more visible. New logging category "edns-disabled".
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2189. [bug] Handle socket() returning EINTR. [RT #15949]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2188. [contrib] queryperf: autoconf changes to make the search for
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington libresolv or libbind more robust. [RT #16299]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2187. [bug] query_addds(), query_addwildcardproof() and
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington query_addnxrrsetnsec() should take a version
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington argument. [RT #16368]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2186. [port] cygwin: libbind: check for struct sockaddr_storage
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington independently of IPv6. [RT #16482]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2185. [port] sunos: libbind: check for ssize_t, memmove() and
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington memchr(). [RT #16463]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence2184. [bug] bind9.xsl.h didn't build out of the source tree.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2183. [bug] dnssec-signzone didn't handle offline private keys
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington well. [RT #16832]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington could return ISC_R_SUCCESS when they ran out of
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington memory. [RT #16365]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2180. [cleanup] Remove bit test from 'compress_test' as they
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington are no longer needed. [RT #16497]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2179. [func] 'rndc command zone' will now find 'zone' if it is
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington unique to all the views. [RT #16821]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2178. [bug] 'rndc reload' of a slave or stub zone resulted in
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington a reference leak. [RT #16867]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2177. [bug] Array bounds overrun on read (rcodetext) at
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington debug level 10+. [RT #16798]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2176. [contrib] dbus update to handle race condition during
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington initialization (Bugzilla 235809). [RT #16842]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2175. [bug] win32: windows broadcast condition variable support
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington was broken. [RT #16592]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2174. [bug] I/O errors should always be fatal when reading
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington master files. [RT #16825]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2173. [port] win32: When compiling with MSVS 2005 SP1 we also
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington --- 9.5.0a4 released ---
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2172. [bug] query_addsoa() was being called with a non zone db.
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews2171. [bug] Handle breaks in DNSSEC trust chains where the parent
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington servers are not DS aware (DS queries to the parent
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington return a referral to the child).
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2170. [func] Add acache processing to test suite. [RT #16711]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2169. [bug] host, nslookup: when reporting NXDOMAIN report the
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington given name and not the last name searched for.
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2168. [bug] nsupdate: in non-interactive mode treat syntax errors
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington as fatal errors. [RT #16785]
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2167. [bug] When re-using a automatic zone named failed to
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington attach it to the new view. [RT #16786]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington --- 9.5.0a3 released ---
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2166. [bug] When running in batch mode, dig could misinterpret
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington a server address as a name to be looked up, causing
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington unexpected output. [RT #16743]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2165. [func] Allow the destination address of a query to determine
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington if we will answer the query or recurse.
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington allow-query-on, allow-recursion-on and
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington allow-query-cache-on. [RT #16291]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2164. [bug] The code to determine how named-checkzone /
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington named-compilezone was called failed under windows.
7a97b7630fb5e43b64152db587b64b21ff8d5d51Brian Wellington2163. [bug] If only one of query-source and query-source-v6
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington specified a port the query pools code broke (change
7a97b7630fb5e43b64152db587b64b21ff8d5d51Brian Wellington 2129). [RT #16768]
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington2162. [func] Allow "rrset-order fixed" to be disabled at compile
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington time. [RT #16665]
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington2161. [bug] Fix which log messages are emitted for 'rndc flush'.
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington from getifaddrs(). [RT #16708]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington --- 9.5.0a2 released ---
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2159. [bug] Array bounds overrun in acache processing. [RT #16710]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2158. [bug] ns_client_isself() failed to initialize key
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington leading to a REQUIRE failure. [RT #16688]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2157. [func] dns_db_transfernode() created. [RT #16685]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington resolver.c:validated() and resolver.c:cache_name().
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington Fix a memory leak in rbtdb.c:free_noqname().
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington Make lookup.c:lookup_find() robust against
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington event leaks. [RT #16685]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington matched in acls by omitting the scope. [RT #16599]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2153. [bug] nsupdate could leak memory. [RT #16691]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2152. [cleanup] Use sizeof(buf) instead of fixed number in
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington dighost.c:get_trusted_key(). [RT #16678]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2151. [bug] Missing newline in usage message for journalprint.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2150. [bug] 'rrset-order cyclic' uniformly distribute the
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington starting point for the first response for a given
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington RRset. [RT #16655]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2149. [bug] isc_mem_checkdestroyed() failed to abort on
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington if there were still active memory contexts.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2148. [func] Add positive logging for rndc commands. [RT #14623]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2147. [bug] libbind: remove potential buffer overflow from
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington SO_BSDCOMPAT" message. [RT #16641]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2145. [bug] Check DS/DLV digest lengths for known digests.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2143. [bug] We failed to restart the IPv6 client when the
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington kernel failed to return the destination the
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington packet was sent to. [RT #16613]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2142. [bug] Handle master files with a modification time that
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington matches the epoch. [RT# 16612]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington equivalent of LDH checks). [RT #16609]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2140. [bug] libbind: missing unlock on pthread_key_create()
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington failures. [RT #16654]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2139. [bug] dns_view_find() was being called with wrong type
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington in adb.c. [RT #16670]
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence2138. [bug] Lock order reversal in resolver.c. [RT #16653]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2137. [port] Mips little endian and/or mips 64 bit are now
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff supported for atomic operations. [RT#16648]
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff2136. [bug] nslookup/host looped if there was no search list
af6e7e5cd2643e2aaaffefe1dd804a03394b4928Michael Graff and the host didn't exist. [RT #16657]
e5c75445501bb0459753f55cf3a9529b3cb794dfBrian Wellington2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington2134. [func] Additional statistics support. [RT #16666]
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews2133. [port] powerpc: Support both IBM and MacOS Power PC
06f9d6486eab16895ab1538f5530445cb665ba9cBrian Wellington assembler syntaxes. [RT #16647]
e5c75445501bb0459753f55cf3a9529b3cb794dfBrian Wellington2132. [bug] Missing unlock on out of memory in
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington dns_dispatchmgr_setudp().
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
06f9d6486eab16895ab1538f5530445cb665ba9cBrian Wellington2130. [func] Log if CD or DO were set. [RT #16640]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington2129. [func] Provide a pool of UDP sockets for queries to be
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington made over. See use-queryport-pool, queryport-pool-ports
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington and queryport-pool-updateinterval. [RT #16415]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington2126. [security] Serialize validation of type ANY responses. [RT #16555]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington was defined. [RT #16574]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington2124. [security] It was possible to dereference a freed fetch
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington context. [RT #16584]
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington --- 9.5.0a1 released ---
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2123. [func] Use Doxygen to generate internal documentation.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence2122. [func] Experimental http server and statistics support
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington for named via xml.
f7fbd68b1cd96c733140fce938a61faf8b459b6fBrian Wellington2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
f7fbd68b1cd96c733140fce938a61faf8b459b6fBrian Wellington second timeout. [RT #16553]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington2120. [doc] Fix markup on nsupdate man page. [RT #16556]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington2119. [compat] libbind: allow res_init() to succeed enough to
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington return the default domain even if it was unable
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington to allocate memory.
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington2118. [bug] Handle response with long chains of domain name
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington compression pointers which point to other compression
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington pointers. [RT #16427]
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington which could lead to validation failures. named didn't
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington handle negative DS responses that were in the process
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington of being validated. Check CNAME bit before accepting
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington NODATA proof. To be able to ignore a child NSEC there
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington must be SOA (and NS) set in the bitmap. [RT #16399]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington2116. [bug] 'rndc reload' could cause the cache to continually
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington be cleaned. [RT #16401]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington2115. [bug] 'rndc reconfig' could trigger a INSIST if the
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington number of masters for a zone was reduced. [RT #16444]
d1cbf714097e900ed1703529584d3e1a50e8a4a8Brian Wellington2114. [bug] dig/host/nslookup: searches for names with multiple
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington labels were failing. [RT #16447]
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington2113. [bug] nsupdate: if a zone is specified it should be used
06f9d6486eab16895ab1538f5530445cb665ba9cBrian Wellington for server discover. [RT# 16455]
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington2112. [security] Warn if weak RSA exponent is used. [RT #16460]
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington2111. [bug] Fix a number of errors reported by Coverity.
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington priming queries. [RT #16491]
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence2108. [func] DHCID support. [RT #16456]
bb71d64085c044920d978fc706996e7e2c0ccb4eBrian Wellington2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
bb71d64085c044920d978fc706996e7e2c0ccb4eBrian Wellington2106. [func] 'rndc status' now reports named's version. [RT #16426]
bb71d64085c044920d978fc706996e7e2c0ccb4eBrian Wellington2105. [func] GSS-TSIG support (RFC 3645).
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews2104. [port] Fix Solaris SMF error message.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2103. [port] Add /usr/sfw to list of locations for OpenSSL
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington under Solaris.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2102. [port] Silence Solaris 10 warnings.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2101. [bug] OpenSSL version checks were not quite right.
81b438273a0c3141144d169a7ccb110150757337Brian Wellington2100. [port] win32: copy libeay32.dll to Build\Debug.
81b438273a0c3141144d169a7ccb110150757337Brian Wellington Copy Debug\named-checkzone to Debug\named-compilezone.
81b438273a0c3141144d169a7ccb110150757337Brian Wellington2099. [port] win32: more manifest issues.
81b438273a0c3141144d169a7ccb110150757337Brian Wellington2098. [bug] Race in rbtdb.c:no_references(), which occasionally
c637772ac34b4abb76a250eca89930e6f2bc2ce9Brian Wellington triggered an INSIST failure about the node lock
c637772ac34b4abb76a250eca89930e6f2bc2ce9Brian Wellington reference. [RT #16411]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2097. [bug] named could reference a destroyed memory context
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington after being reloaded / reconfigured. [RT #16428]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2096. [bug] libbind: handle applications that fail to detect
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington res_init() failures better.
bb71d64085c044920d978fc706996e7e2c0ccb4eBrian Wellington2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington net_cidr_ntop_ipv6(). [RT #16388]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2094. [contrib] Update named-bootconf. [RT# 16404]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2093. [bug] named-checkzone -s was broken.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2092. [bug] win32: dig, host, nslookup. Use registry config
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington if resolv.conf does not exist or no nameservers
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington listed. [RT #15877]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2091. [port] dighost.c: race condition on cleanup. [RT #16417]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2090. [port] win32: Visual C++ 2005 command line manifest support.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2089. [security] Raise the minimum safe OpenSSL versions to
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington prior to these have known security flaws which
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington are (potentially) exploitable in named. [RT #16391]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2088. [security] Change the default RSA exponent from 3 to 65537.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2087. [port] libisc failed to compile on OS's w/o a vsnprintf.
5c29047792191d6141f69b2684314d0b762fedebBrian Wellington2086. [port] libbind: FreeBSD now has get*by*_r() functions.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2085. [doc] win32: added index.html and README to zip. [RT #16201]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2084. [contrib] dbus update for 9.3.3rc2.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2083. [port] win32: Visual C++ 2005 support.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2082. [doc] Document 'cache-file' as a test only option.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2080. [port] libbind: res_init.c did not compile on older versions
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington of Solaris. [RT #16363]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2079. [bug] The lame cache was not handling multiple types
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington correctly. [RT #16361]
d1eee4693871f9e02fc8598e2e2f8fac80df25a3Brian Wellington2078. [bug] dnssec-checkzone output style "default" was badly
d1eee4693871f9e02fc8598e2e2f8fac80df25a3Brian Wellington named. It is now called "relative". [RT #16326]
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
6f17d90364f01c3e81073a9ffb40b0093878c8e2Brian Wellington complete signed zone. [RT #16326]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2076. [bug] Several files were missing #include <config.h>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer causing build failures on OSF. [RT #16341]
c7868e2262d57451c7f0ce246be5f44e8c33f1e0Michael Sawyer2075. [bug] The spillat timer event hander could leak memory.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer dns_request_createraw2() and dns_request_createraw3()
d1eee4693871f9e02fc8598e2e2f8fac80df25a3Brian Wellington failed to send multiple UDP requests. [RT #16349]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2073. [bug] Incorrect semantics check for update policy "wildcard".
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2072. [bug] We were not generating valid HMAC SHA digests.
c7868e2262d57451c7f0ce246be5f44e8c33f1e0Michael Sawyer2071. [port] Test whether gcc accepts -fno-strict-aliasing.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2070. [bug] The remote address was not always displayed when
d1eee4693871f9e02fc8598e2e2f8fac80df25a3Brian Wellington reporting dispatch failures. [RT #16315]
d1eee4693871f9e02fc8598e2e2f8fac80df25a3Brian Wellington2069. [bug] Cross compiling was not working. [RT #16330]
d1eee4693871f9e02fc8598e2e2f8fac80df25a3Brian Wellington2068. [cleanup] Lower incremental tuning message to debug 1.
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer2067. [bug] 'rndc' could close the socket too early triggering
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer a INSIST under Windows. [RT #16317]
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer2066. [security] Handle SIG queries gracefully. [RT #16300]
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer2065. [bug] libbind: probe for HPUX prototypes for
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer endprotoent_r() and endservent_r(). [RT 16313]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2063. [bug] Change #1955 introduced a bug which caused the first
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer 'rndc flush' call to not free memory. [RT #16244]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2062. [bug] 'dig +nssearch' was reusing a buffer before it had
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer been returned by the socket code. [RT #16307]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2061. [bug] Accept expired wildcard message reversed. [RT #16296]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2060. [bug] Enabling DLZ support could leave views partially
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer configured. [RT #16295]
d1eee4693871f9e02fc8598e2e2f8fac80df25a3Brian Wellington2059. [bug] Search into cache rbtdb could trigger an INSIST
d1eee4693871f9e02fc8598e2e2f8fac80df25a3Brian Wellington failure while cleaning up a stale rdataset.
d1eee4693871f9e02fc8598e2e2f8fac80df25a3Brian Wellington2058. [bug] Adjust how we calculate rtt estimates in the presence
d1eee4693871f9e02fc8598e2e2f8fac80df25a3Brian Wellington of authoritative servers that drop EDNS and/or CD
d1eee4693871f9e02fc8598e2e2f8fac80df25a3Brian Wellington requests. Also fallback to EDNS/512 and plain DNS
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer faster for zones with less than 3 servers. [RT #16187]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2057. [bug] Make setting "ra" dependent on both allow-query-cache
c9c5b25473f3ef04ba2cfe00b21869f8050dd921Michael Sawyer and allow-recursion. [RT #16290]
194de894f0697562f94e048f573d99260a18a639Michael Sawyer2056. [bug] dig: ixfr= was not being treated case insensitively
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer at all times. [RT #15955]
d1eee4693871f9e02fc8598e2e2f8fac80df25a3Brian Wellington2055. [bug] Missing goto after dropping multicast query.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2054. [port] freebsd: do not explicitly link against -lpthread.
c7868e2262d57451c7f0ce246be5f44e8c33f1e0Michael Sawyer2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2052. [bug] 'rndc' improve connect failed message to report
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer the failing address. [RT #15978]
c7868e2262d57451c7f0ce246be5f44e8c33f1e0Michael Sawyer2051. [port] More strtol() fixes. [RT #16249]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2050. [bug] Parsing of NSAP records was not case insensitive.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2049. [bug] Restore SOA before AXFR when falling back from
c7868e2262d57451c7f0ce246be5f44e8c33f1e0Michael Sawyer a attempted IXFR when transferring in a zone.
c7868e2262d57451c7f0ce246be5f44e8c33f1e0Michael Sawyer Allow a initial SOA query before attempting
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer a AXFR to be requested. [RT #16156]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2048. [bug] It was possible to loop forever when using
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer avoid-v4-udp-ports / avoid-v6-udp-ports when
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer the OS always returned the same local port.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2047. [bug] Failed to initialize the interface flags to zero.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
c7868e2262d57451c7f0ce246be5f44e8c33f1e0Michael Sawyer cleanup [RT #16247].
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2045. [func] Use lock buckets for acache entries to limit memory
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer consumption. [RT #16183]
c9c5b25473f3ef04ba2cfe00b21869f8050dd921Michael Sawyer2044. [port] Add support for atomic operations for Itanium.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2043. [port] nsupdate/nslookup: Force the flushing of the prompt
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington for interactive sessions. [RT#16148]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2042. [bug] named-checkconf was incorrectly rejecting the
c7868e2262d57451c7f0ce246be5f44e8c33f1e0Michael Sawyer logging category "config". [RT #16117]
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington2041. [bug] "configure --with-dlz-bdb=yes" produced a bad
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer set of libraries to be linked. [RT #16129]
c9c5b25473f3ef04ba2cfe00b21869f8050dd921Michael Sawyer2040. [bug] rbtdb no_references() could trigger an INSIST
194de894f0697562f94e048f573d99260a18a639Michael Sawyer failure with --enable-atomic. [RT #16022]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2039. [func] Check that all buffers passed to the socket code
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer have been retrieved when the socket event is freed.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2038. [bug] dig/nslookup/host was unlinking from wrong list
c7868e2262d57451c7f0ce246be5f44e8c33f1e0Michael Sawyer when handling errors. [RT #16122]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2037. [func] When unlinking the first or last element in a list
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer check that the list head points to the element to
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer be unlinked. [RT #15959]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2035. [func] Make falling back to TCP on UDP refresh failure
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer optional. Default "try-tcp-refresh yes;" for BIND 8
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer compatibility. [RT #16123]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2033. [bug] We weren't creating multiple client memory contexts
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer on demand as expected. [RT #16095]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2031. [bug] Emit a error message when "rndc refresh" is called on
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer a non slave/stub zone. [RT # 16073]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2030. [bug] We were being overly conservative when disabling
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer openssl engine support. [RT #16030]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2029. [bug] host printed out the server multiple times when
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer specified on the command line. [RT #15992]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2028. [port] linux: socket.c compatibility for old systems.
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer2027. [port] libbind: Solaris x86 support. [RT #16020]
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer2026. [bug] Rate limit the two recursive client exceeded messages.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2025. [func] Update "zone serial unchanged" message. [RT #16026]
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer2024. [bug] named emitted spurious "zone serial unchanged"
d2762d6c3797b1ce43965404d03b410f215932e0Michael Graff messages on reload. [RT #16027]
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer2023. [bug] "make install" should create ${localstatedir}/run and
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer ${sysconfdir} if they do not exist. [RT #16033]
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer2022. [bug] If dnssec validation is disabled only assert CD if
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer CD was requested. [RT #16037]
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2019. [tuning] Reduce the amount of work performed per quantum
9b3a69e6a701ffe2fc49fbb750d0761b3a822b37Michael Sawyer when cleaning the cache. [RT #15986]
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer2018. [bug] Checking if the HMAC MD5 private file was broken.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2017. [bug] allow-query default was not correct. [RT #15946]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2016. [bug] Return a partial answer if recursion is not
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer allowed but requested and we had the answer
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer to the original qname. [RT #15945]
c7868e2262d57451c7f0ce246be5f44e8c33f1e0Michael Sawyer2015. [cleanup] use-additional-cache is now acache-enable for
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer consistency. Default acache-enable off in BIND 9.4
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer as it requires memory usage to be configured.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer It may be enabled by default in BIND 9.5 once we
c7868e2262d57451c7f0ce246be5f44e8c33f1e0Michael Sawyer have more experience with it.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2014. [func] Statistics about acache now recorded and sent
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer to log. [RT #15976]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer responses more gracefully. [RT #15941]
c7868e2262d57451c7f0ce246be5f44e8c33f1e0Michael Sawyer2012. [func] Don't insert new acache entries if acache is full.
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2011. [func] dnssec-signzone can now update the SOA record of
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer the signed zone, either as an increment or as the
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer system time(). [RT #15633]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2010. [placeholder] rt15958
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2009. [bug] libbind: Coverity fixes. [RT #15808]
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer2008. [func] It is now possible to enable/disable DNSSEC
c7868e2262d57451c7f0ce246be5f44e8c33f1e0Michael Sawyer validation from rndc. This is useful for the
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer mobile hosts where the current connection point
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer breaks DNSSEC (firewall/proxy). [RT #15592]
d1eee4693871f9e02fc8598e2e2f8fac80df25a3Brian Wellington rndc validation newstate [view]
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews2007. [func] It is now possible to explicitly enable DNSSEC
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews validation. default dnssec-validation no; to
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews be changed to yes in 9.5.0. [RT #15674]
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews2006. [security] Allow-query-cache and allow-recursion now default
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews to the built in acls "localnets" and "localhost".
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson This is being done to make caching servers less
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson attractive as reflective amplifying targets for
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson spoofed traffic. This still leave authoritative
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson servers exposed.
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson The best fix is for full BCP 38 deployment to
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson remove spoofed traffic.
2003. [bug] libbind: The DNS name/address lookup functions could
1988. [bug] Remove a bus error from the SHA256/SHA512 support.
1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
1981. [bug] win32: condition.c:wait() could fail to reattain
1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
now be set in named.conf (max-udp-size). This is
xfrin.c:maybe_free() if named ran out of memory.
1944. [cleanup] isc_hash_create() does not need a read/write lock.
1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
1922. [bug] check-tool.c:setup_logging() missing call to
1919. [contrib] queryperf: a set of new features: collecting/printing
'RD' was set in the query. host/nslookup skip servers
1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
when CFLAGS contains "-I /usr/local/include"
1839. [bug] <isc/hash.h> was not being installed.
1836. [cleanup] Silence compiler warnings in hash_test.c.
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
rbtdb.c:subtractrdataset(). [RT #13519]
option in named.conf can be used to specify a
1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
1810. [bug] configure, lib/bind/configure make different default
1808. [bug] zone.c:notify_zone() contained a race condition,
1788. [bug] libbind9.la/libbind9.so needs to link against
1785. [bug] libbind9.la/libbind9.so needs to link against
1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
file clause for rbt{64} master/hint zones. [RT#13009]
1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
1748. [func] dig now returns the byte count for axfr/ixfr.
1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1745. [bug] Dig/host/nslookup accept replies from link locals
1731. [port] darwin: relax version test in ifconfig.sh.
1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
1717. [port] solaris: ifconfig.sh did not support Solaris 10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
1714. [bug] dig/host/nslookup were only trying the first
1707. [contrib] sdb/ldap updated to version 1.0-beta.
1705. [func] Allow the journal's name to be changed via named.conf.
"#include <isc/print.h>". [RT #12321]
1701. [doc] A minimal named.conf man page.
are defined in named.conf. [RT #12023]
/usr/lib. [RT #11971]
1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
adb.c:set_target(). [RT #11582]
1648. [func] Update dnssec-lookaside named.conf syntax to support
1625. [bug] named failed to load/transfer RFC2535 signed zones
1612. [bug] check-names at the option/view level could trigger
1599. [bug] Fix memory leak on error path when checking named.conf.
DNSSEC specify "dnssec-enable yes;" in named.conf.
1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
were specified in /etc/resolv.conf. [RT #8232]
1551. [port] Open "/dev/null" before calling chroot().
1532. [port] netbsd: the configure test for <sys/sysctl.h>
requires <sys/param.h>.
1517. [port] Support for IPv6 interface scanning on HP/UX and
only (e.g. DE, LV, US and MUSEUM) these can be excluded
1503. [port] win32: install libeay32.dll outside of system32.
named.conf, tcp-listen-queue.
1498. [port] bsdos: 5.x support.
1478. [port] ifconfig.sh didn't account for other virtual
1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
doc/misc/options. [RT #5616]
via named.conf (edns-udp-size).
1425. [port] linux/libbind: define __USE_MISC when testing *_r()
function prototypes in netdb.h. [RT #4921]
1422. [func] Log name/type/class when denying a query. [RT #4663]
1419. [port] openbsd: use /dev/arandom. [RT #4950]
1417. [func] ID.SERVER/CHAOS is now a built in zone.
1410. [func] Handle records that live in the parent zone, e.g. DS.
1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
'recursing-file = "named.recursing";'.
1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
1353. [contrib] sdb/ldap to version 0.9.
in socket.c and eliminating a host of socket
1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
1336. [func] Nibble lookups under IP6.ARPA are now supported by
1334. [bug] When signing/verifying rdatasets, duplicate rdatas
1326. [bug] DNAME/CNAME signatures were not being cached when
1324. [port] darwin: ifconfig.sh now supports darwin.
1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
1276. [bug] libbind: const pointer conflicts in res_debug.c.
1269. [port] Openserver: ifconfig.sh support.
<sys/param.h> is included or not. Be consistent.
1247. [bug] Don't reset the interface index for link/site local
1234. [bug] contrib/sdb: 'zonetodb' failed to call
1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
at the named.conf checking stage. [RT #2431]
1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
lib/dns to use this function instead of local one.
occurs when parsing named.conf. [RT #2275]
1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
1145. [func] "host" no longer reports a NOERROR/NODATA response
named/lwresd at compile time. [RT #1982]
1119. [func] Added support in Win32 for NTFS file/directory ACL's
could cause an assertion failure in resolver.c
violation in adb.c. [RT #2017]
1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
1088. [port] libbind: MPE/iX C.70 (incomplete)
on load/reload if views were used. [RT #1947]
1041. [bug] Dig/host/nslookup could catch an assertion failure
1032. [func] hostname.bind/txt/chaos now returns the name of
1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
1030. [bug] On systems with no resolv.conf file, nsupdate
1029. [bug] Some named.conf errors did not cause the loading
1002. [bug] When reporting an unknown class name in named.conf,
972. [bug] The file modification time code in zone.c was using the
non-existent nlist.h. [RT #1640]
957. [bug] sys/select.h inclusion was broken on older platforms.
in named/win32/os.c due to code changes in
updated to add include path for os.h header.
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
method (rndc.conf / controls). Unlike
bin/tests. [RT #1555].
946. [cleanup] doc/misc/options is now machine-generated from the
when installing isc-config.sh.
were not accepted in named.conf. [RT #1469]
and added lib/isc/win32/entropy.c.
900. [bug] A config.guess update changed the system identification
bin/tests/system/ifconfig.sh now recognize the new
899. [bug] lib/dns/soa.c failed to compile on many platforms
897. [bug] A config.guess update changed the system identification
to Darwin. This was derived from the config.guess
849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
just as <lwres/net.h> does.
843. [func] If no controls statement is present in named.conf,
generated by named and an rndc.conf-style file
named named.key will be written that uses it. rndc
838. [port] UnixWare 7.x.x is now suported by
833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
<dns/soa.h>, and extended them to support
832. [bug] The default location for named.conf in named-checkconf
825. [bug] zone.c:ns_query() detached from the wrong zone
character (i.e. "/") in its name and the directory
down-cased when signing/verifying records. [RT #1186]
in rndc.conf.
786. [bug] When DNSSEC signing/verifying data, owner names were
755. [bug] Fix incorrectly formatted log messages in zone.c.
748. [doc] List supported RFCs in doc/misc/rfc-compliance.
739. [port] Look for /dev/random in configure, rather than
737. [port] stdtime.c failed to compile on certain platforms.
dispatch.c:do_cancel(). [RT #733]
718. [cleanup] "internal" is no longer a reserved word in named.conf.
failure in adb.c. [RT #738]
703. [port] sys/select.h is needed on older platforms. [RT #695]
702. [func] If the address 0.0.0.0 is seen in resolv.conf,
693. [bug] An empty lwres statement in named.conf caused
685. [bug] nslookup should use the search list/domain options
from resolv.conf by default. [RT #405, #630]
646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
for syntax checking named.conf files and zone files,
604. [bug] The named.conf parser could print incorrect line
577. [func] Log illegal RDATA combinations. e.g. multiple
570. [bug] rbtdb.c allowed zones containing nodes which had
568. [func] Add sample simple database drivers in contrib/sdb.
of rdata type/class mnemonics in log messages.
516. [bug] Cache lookups which had a NULL node pointer, e.g.
DNAME, would trigger an INSIST(!search.need_cleanup)
490. [func] When a slave/stub zone has not yet successfully
from the named.conf "listen-on" statement, sockets
477. [bug] The the isc-config.sh script could be installed before
471. [bug] nsupdate didn't compile on HP/UX 10.20
and subsequent name servers in resolv.conf if the
457. [bug] Dig/host/hslookup didn't properly handle connect
documented as such in named.conf. [RT #304, RT #311]
is specified in named.conf. [RT #306]
is specified in named.conf. [RT #301]
432. [func] Added refresh/retry jitter. The actual refresh/
428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
(e.g. glue). This could cause SERVFAILs when
e.g. due to corrupt zones with multiple SOA records.
an argc/argv style vector of words and sets
view/global one for CNAME targets and additional
369. [func] Support new named.conf options, view and zone
the distribution, in doc/man/dnssec.
353. [bug] double increment in lwres/gethost.c:copytobuf().
348. [func] New boolean named.conf options 'additional-from-auth'
345. [bug] Large-scale changes/cleanups to dig:
341. [func] Support 'key' clause in named.conf zone masters
327. [bug] rndc.conf parser wasn't correctly recognizing an IP
320. [func] Multiple rndc changes: parses an rndc.conf file,
319. [func] The named.conf "controls" statement is now used
314. [func] The named.conf controls statement can now have
313. [bug] When parsing resolv.conf, don't terminate on an
resolv.conf search path from 6 to 8. If there
resolv.conf was empty or a comment.
310. [func] Changes to named.conf "controls" statement (inet
are listed in resolv.conf, silently ignore them
each library's ipv6.h defines the wrapper symbol of
any $sbindir/dig from a previous release.)
that lack /dev/random.
280. [func] Add isc-config.sh, which can be used to more
two or more files in libomapi.a were not namespace
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
266. [bug] zone.c:save_nsrrset() node was not initialized.
262. [bug] 'master' was not initialized in zone.c:stub_callback().
for global options block of named.conf. Both accept
258. [bug] Fixed printing of lwres_addr_t.address field.
256. [func] isc_ratelimiter_t now has attach/detach semantics, and
253. [func] resolv.conf parser now recognizes ';' and '#' as
252. [bug] resolv.conf parser mishandled masks on sortlists.
244. [bug] empty named.conf file and empty options statement are
243. [func] new cachesize option for named.conf
+ missing sigwait prototype on BSD/OS 4.0/4.0.1.
BSD/OS 4.*, Linux and Solaris 2.8.
230. [func] Replace the dst sign/verify API with a cleaner one.
from confparser.c, because of yacc's code, are
212. [func] Added dns_message_get/settsigkey, to make TSIG
compiling in the lib/dns/sec/{dnssafe,openssl}
204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
run on a PA 1.x system."
201. [cleanup] Removed the test/sdig program, it has been
replaced by bin/dig/dig.
(e.g., running out of network buffers) were
and/or interfaces. [19-May-2000 explorer]
191. [func] Patched to compile on UnixWare 7.x. This platform
range for overflow/underflow. In the case of
184. [cleanup] Variables/functions which began with two leading
underscores were made to conform to the ANSI/ISO
179. [func] options named.conf statement *must* now come
178. [func] Post-load of named.conf check verifies a slave zone
168. [bug] include statements in named.conf caused syntax errors
162. [bug] Ensure proper range for arguments to ctype.h functions.
masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
util/check-includes for how this was tested.
145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
<isc/result.h>.
of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
need <isc/eventclass.h>.
instead of <isc/time.h>.
128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
and creates null keys/sets zone status bit for
<isc/result.h>.
<isc/result.h>. Multiple inclusion protection
isc_symtab_t moved to <isc/types.h>.
<isc/net.h>.
118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
117. [cleanup] libdns.a changes:
116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
<isc/list.h>.
<isc/mutex.h>.
<isc/list.h>.
bin/tests/{db,mem,sockaddr,tasks,timers}/.
108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
105. [doc] doc/dev/coding.html expanded with other
103. [func] libisc buffer API changes for <isc/buffer.h>:
on BSD/OS 4.1.
101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
<isc/event.h>.
or <isc/result.h>.
<isc/result.h>.
90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
from <named/listenlist.h>.
<isc/mem.h>. isc_interface_t and isc_interfaceiter_t
moved to <isc/types.h>.
86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
<isc/types.h>.
<isc/int.h>.
<isc/lang.h>.
subsumed by file.o.
OpenSSL libraries/headers.
from <dns/types.h>.
59. [bug] Cause net/host unreachable to be a hard error
58. [bug] bin/named/query.c could sometimes trigger the
(client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
<sys/param.h>.
logging module "dns/validator".
and isc_lex_t to <isc/types.h>.
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
25. [bug] make install failed to install <isc/log.h> and
configure.in to check for presence of in6addr_any.
9. [cleanup] replaced bit-setting code in confctx.c and replaced
4. [port] bin/named/unix/os.c didn't compile on systems with
get only what we need from <linux/capability.h>, and
systems without /dev/random.
lib/isc/unix/include/isc/Makefile.in had a typo which